Message319699
In its current implementation, a user is required to provide their cleartext PyPI password in their .pypirc configuration file for authenticated interactions with PyPI servers to succeed. For hopefully obvious reasons, this is sub-optimal from a security standpoint.
In some popular utilities (e.g. msmtp), the ability to provide a `passwordeval` field is made optional to the user. The value of this field is executed by the OS-dependent shell, and the return value is then used as the password.
For example, instead of this:
```
[distutils]
index-servers=
    pypi

[pypi]
username=jperras
password=mygreatpassword
```
we can instead have this:
```
[distutils]
index-servers=
    pypi

[pypi]
username=jperras
passwordeval="gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.pypipwd.gpg"
```

| Date | User | Action | Args |
|---|---|---|---|
| 2018-06-16 02:54:38 | jperras | set | recipients: + jperras, eric.araujo, dstufft |
| 2018-06-16 02:54:38 | jperras | set | messageid: <1529117678.87.0.56676864532.issue33875@psf.upfronthosting.co.za> |
| 2018-06-16 02:54:38 | jperras | link | issue33875 messages |
| 2018-06-16 02:54:37 | jperras | create | |
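A sketch of how a `.pypirc` reader could resolve the proposed `passwordeval` field, added here as an example; it is not distutils code and not code from the message's author. The function name `resolve_password` and the ownership and permission checks are assumptions, and unlike the proposal it splits the command into an argument list instead of handing it to a shell.

```python
import configparser
import os
import shlex
import stat
import subprocess


def resolve_password(path, repo="pypi", timeout=30):
    """Return the password for `repo`, running `passwordeval` when it is set."""
    st = os.stat(path)
    # With passwordeval the file names a command to run, so a file that other
    # users can modify is a command-execution risk, not only a credential leak.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{path} is writable by group or others")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise PermissionError(f"{path} is not owned by the current user")

    cfg = configparser.RawConfigParser()  # raw: no % interpolation of values
    cfg.read(path)
    section = cfg[repo]
    if "passwordeval" not in section:
        return section.get("password")  # legacy cleartext field

    # Assumption: build an argv list rather than using shell=True, so shell
    # metacharacters in the value are never interpreted.
    argv = shlex.split(section["passwordeval"])
    if len(argv) == 1:
        # The whole command was wrapped in quotes, as in the example above.
        argv = shlex.split(argv[0])
    if not argv:
        raise ValueError("passwordeval is empty")
    # No shell means "~" is not expanded for us, so expand it per argument.
    argv = [os.path.expanduser(arg) for arg in argv]

    result = subprocess.run(argv, capture_output=True, text=True,
                            timeout=timeout, check=True)
    # Remove only the trailing newline; a password may contain spaces.
    password = result.stdout.rstrip("\r\n")
    if not password:
        raise ValueError("passwordeval command produced no output")
    return password
```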