Passlib is slowly moving towards 2.0, and with it, there are plans to cleanup (and attempt to simplify) a lot of the internal code. Release 1.7 made some major cleanups to the API, while trying to maintain backwards compatibility. 1.8 will shed some low-impact features, and add some slated new ones.
If something here would impact your application, please post a question / feedback on the mailing list!
As a heads-up, developers may be impacted by the following changes planned for future releases:
- passlib.context: Removal of long-deprecated
- passlib.apache: Removal of deprecated v1.5 compatibility methods.
- passlib.ext.django: Split out as separate project, or remove it. See issue
- passlib.handlers: This package contains the actual hasher implementations, and should have been private all along. It will probably be renamed to passlib._hashers (or even relocated to within
passlib.hash, if that's feasible given the proxy module that currently sits there).
- Depending on v2.0 development changes, there may be a v1.9 a transitional release: applications using non-deprecated parts of 1.9 should be able to drop in 2.0 without much pain.
Dropping Python 2.x / 3.3 support (May happen sooner, if pip/tox toolchain drops support first).
A large number of deprecated methods and features will be removed; primarily the deprecated
CryptContextobjects will default to
deprecated="auto", meaning all but the first scheme will be considered deprecated unless explicitly stated otherwise.
HtpasswdFilewill default to apache-2.4 compatible defaults. Forward- & backward- compatible
default_schemesettings are available as of Passlib 1.7.
Python Deprecation Policy
The following is a rough guide for when Passlib will drop support for a Python version:
When pip or setuptools drops support, Passlib will follow.
When tox or virtualenv drops support, Passlib will generally follow, unless there's a particular demand for that python release, and that demand justifies the special handling required for testing.
Otherwise general compatibility will be attempted, unless the python version requires specific hacks to the source code, in which case support will be dropped once general usage is low enough.