> On 28 Dec 2015, at 09:35, Hynek Schlawack <h...@ox.cx> wrote:
> 
> Hi,
> 
> we have quite a few pull requests on pyOpenSSL that revolve around 
> improving the state of x509 objects in general as far as I understand it.
> 
> Since I already got reprimanded by Alex G for merging one because 
> cryptography has routines for that, I wonder if we should close them all as 
> WONTFIX and instead add methods akin to `PKey.from_cryptography()`, 
> `key_instance.to_cryptography()`.
> 
> I welcome any feedback.  The current pyOpenSSL situation which is mostly a 
> swamp of guilt is becoming unbearable to me.  When I took over maintainership 
> I made it clear that I see myself mostly as a repo janitor and Bad Ideas 
> Deflector™.  Sadly that’s not working out at all.  Getting rid of the burden 
> of actually moving forward a whole sub-system might alleviate that a bit I 
> guess (this is not meant as an ultimatum, I have no idea if it’d help).

As official “sometimes helps Hynek when he feels sad” person, I’m strongly in 
favour of deprecating whatever we can from PyOpenSSL if there is a good 
alternative available (i.e. cryptography). It’s frustrating and perplexing that 
installing PyOpenSSL gives you two interfaces for working with X509 certs, and 
where the top layer is arguably *less* helpful (and definitely more surprising) 
than the layer it uses to do the real work.

To make this kind of deprecation work I think we definitely need a to/from 
cryptography method to have been in place for a while, so I’m in favour of this 
plan. Long term, however, I want PyOpenSSL stripped down to be only what 
cryptography itself does not do.

Cory


_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
