This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients christian.heimes, eric.araujo, gregory.p.smith, gvanrossum, loewis, pitrou, tarek
Date 2013-02-04.10:24:45
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <604464792.7198009.1359973478222.JavaMail.root@zimbra10-e2.priv.proxad.net>
In-reply-to <1359972222.78.0.301395503133.issue17121@psf.upfronthosting.co.za>
Content
> Martin has created a SSH uploader for distutils
> http://pypi.python.org/pypi/pypissh. I suggest that we include the
> feature in the next security update for Python 2.6 to 3.3. I'm well
> aware that this beats the "no new feature" clause but in my opinion
> "security beats purity".

"this package performs heavy monkey-patching of distutils to make it
use the system's ssh command. Users using this package should run
ssh-agent (which runs automatically in the background on many systems)
and load their PyPI key into the ssh agent."

I don't think this bodes well for immediate inclusion, especially in
a bugfix release. Perhaps some time should be taken to clean it up
and then include it in 3.4.

I'm still not sure why this would be better than HTTPS upload, though.
History
Date User Action Args
2013-02-04 10:24:45pitrousetrecipients: + pitrou, gvanrossum, loewis, gregory.p.smith, christian.heimes, tarek, eric.araujo
2013-02-04 10:24:45pitroulinkissue17121 messages
2013-02-04 10:24:45pitroucreate