RPyC is approaching the release of 3.1.0 (I don't have a date set yet, but it should be released by September). I'm writing about it because it's no longer a maintenance release, and it does break backwards compatibility a little. So without further a due, here's the list of the planned changes (at the moment of writing):
Dropping twisted_integration
Strangely enough, RPyC includes an integration module with twisted, which I'm sure not many of you knew of. It's an ugly hack, which basically blocks twisted's reactor while RPyC's doing things, and I included it for some user who asked for twisted integration. It was more of a proof of concept than an actual utility, but since it has been there in RPyC 2.6, it got migrated to 3.0.
I had a look at it a couple of days ago and realized it's (1) ub3r ugly and (2) uncalled for. As far as I remember, no one has ever had problems using it — which leads to the only possible conclusion that no one has ever used it. So unless there's a strong lobby for it, I will be happy to remove it from the package :)
Dropping tlslite
RPyC has a long history with TLSLite, which has been used as an optional plug-in security layer since 2006. The problem is, tlslite is no longer maintained, and it started giving warnings in python2.6, and will probably not work in python3.0 and later. Also, starting with python2.6, python itself comes with a decent ssl implementation, so there's no reason to keep it. And finally, we've only been using a method called "Verifier DB", which is basically username-password-based authentication. This is quite weak (having a plaintext password in your source code), and I've wanted to move to public-key-based authentication for a while. On the other hand, X509 certificates are cumbersome and require a central authority of trust, which is not the normal use case in RPyC. What I wanted was a distributed mutual authentication method, a la SSH (known_hosts and authorized_keys). Therefore I decided to drop tlslite and move to something different.
New security layer
I've been working hard to implement a new security layer, better integrated into RPyC, which would support more authentication methods. At the moment of writing, it supports:
- Unauthenticated but encrypted sessions (SSL without certificates)
- Username-password-based authentication (a la RPyC 3.0) on top of SSL
- Public-key-based authentication (a la SSH) on top of SSL
I might also add X509 certificates and other methods. You can have a peek at it in the svn, and I'll discuss it thoroughly (and the reasons for writing it) in future installments.
Update: read about the new security layer.
