this will let us drop M2Crypto, for one thing.
How so? The pyjwkest docs don't say that it supports RSA signing which is what we needed m2crypto for. "This is Mozilla's fork of PyJWT which adds RSA algorithms, fixes some timing attacks, and makes a few other adjustments." ~ https://github.com/rtilder/pyjwt
Hmm, it has jwkest.jwk.RSAKey, which supports signing etc. I didn't look at the docs.
it doesn't really have docs :) Well, that may work. We just need RSA signing for receipts.
if the code is based on PyJWT we should also check it for the timing attack: https://github.com/rtilder/pyjwt/commit/02956549b59da49d9e785164f1115ff4194e9375
(In reply to Allen Short [:ashort] from comment #0) > this will let us drop M2Crypto, for one thing. yesss
Assignee: nobody → kumar.mcmillan
Unassigning some repoman stuff until desktop payments is stable
Assignee: kumar.mcmillan → nobody
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
Whiteboard: [repoman] → [repoman][marketplace-transition]
You need to log in before you can comment on or make changes to this bug.