10 Oct
2025
10 Oct
'25
5:42 a.m.
On 2025-10-09 17:47:35 -0700 (-0700), melanie witt wrote: [...]
whether or not Nova supports the key types depends only on the version of the Python 'cryptography' library installed as it does not deal with the key types directly. [...]
What's the actual intent behind this check? Is it simply an attempt to prevent uploading bogus/malformed keys? If so, as Clark pointed out, the check has been trivially bypassable for years (in OpenDev we've been treating it as a feature). Or is there some additional functionality in Nova that depends on being able to parse keys rather than just treating them as an opaque blob? -- Jeremy Stanley