Requiring users to downgrade python-cryptography system wide to a year old version is a really bad idea. First, Arch doesn't support partial upgrades, second, this version is not available in the mirrors so users would have to compile it themselves, and third, this version is affected by a quite bad vulnerability.
I understand this restriction is from upstream, but it seems it's only a problem in their CI (to be confirmed).
Perhaps someone using the ssh features of mycli could confirm if it works even with the latest cryptography?
Pinned Comments
loonies commented on 2019-12-06 11:43 (UTC) (edited on 2019-12-10 07:36 (UTC) by loonies)
Prior to flagging the package out-of-date or reporting build errors please:
Do not expect AUR packages to trigger rebuild or suggest bumping "pkgrel" number. This is expected behaviour and the way Arch packing is designed to work.
For more information read the official documentation and man pages.