➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2013-02-01 01:45 by graingert, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Messages (5) | |||
|---|---|---|---|
| msg181052 - (view) | Author: Thomas Grainger (graingert) * | Date: 2013-02-01 01:45 | |
Having the password stored in a plain-text configuration file is not great security. A better choice would be to try to use the OS keyring and then fall back to a plaintext file An example implementation of a generic keyring python interface is available at: http://pypi.python.org/pypi/keyring/ |
|||
| msg181332 - (view) | Author: Éric Araujo (eric.araujo) *  |
Date: 2013-02-04 15:26 | |
The general idea is absolutely right: using proper keyrings (or ssh) is an excellent thing for security and ease of use. A big obstacle however is the rules for stdlib inclusion: a module such as keyring which is tied to specific applications/libs/file formats and may need a short release cycle to adapt for changes in the programs. So while I think keyring is a great library, I fear it does not fit the criteria for stdlib inclusion. The workaround is to enter your password each time you upload and never store it. This isn’t great. What if there was an option specifying a program to call to get the password? That way one could use clvault (command-line interface to python-keyring), maybe ssh-askpass, keepass, etc., but we wouldn’t have code subject to obsolescence in the stdlib. It would not be as nice as seamless password retrieval, and it would not be 100% secure (password is still in memory), but it would solve the storage problem. What do you think? [FYI the distutils2 project is stopped. I don’t have the time right now to go into details again, and there isn’t a single link I can give that explains things well.] |
|||
| msg275213 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2016-09-08 23:43 | |
Please take this idea to https://www.pypa.io/ |
|||
| msg275214 - (view) | Author: Thomas Grainger (graingert) * | Date: 2016-09-08 23:46 | |
But distutils is a core Python module... On 9 Sep 2016 00:43, "Christian Heimes" <report@bugs.python.org> wrote: > > Christian Heimes added the comment: > > Please take this idea to https://www.pypa.io/ > > ---------- > nosy: +christian.heimes > resolution: -> out of date > status: open -> closed > > _______________________________________ > Python tracker <report@bugs.python.org> > <http://bugs.python.org/issue17096> > _______________________________________ > |
|||
| msg275216 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2016-09-08 23:48 | |
PyPA is now maintaining packaging and developing software for packaging. They develop new tooling to upload packages, too. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:41 | admin | set | github: 61298 |
| 2016-09-08 23:48:36 | christian.heimes | set | messages: + msg275216 |
| 2016-09-08 23:46:20 | graingert | set | messages: + msg275214 |
| 2016-09-08 23:43:48 | christian.heimes | set | status: open -> closed nosy: + christian.heimes messages: + msg275213 resolution: out of date |
| 2013-02-04 15:26:18 | eric.araujo | set | messages:
+ msg181332 components: + Distutils, - Distutils2 versions: + Python 3.4 |
| 2013-02-01 01:45:25 | graingert | create | |