The general gist is that the only way to grant an external service any access to your package is by either giving them your username/password, or by having a general user account for that service (similar to Alex Clark's `python packages` user). Utilizing OAuth (beyond a basic log into external site with PyPI creds) would give a secure way for an owner to grant authorization for an external service to a resource (in this case a package), without needing to resort to the hackish fake user accounts.

On Monday, January 23, 2012 at 8:23 PM, Donald Stufft wrote:
> If I'm the owner of package foo, and website bar.com (http://bar.com) wants
> to modify my PyPI listing, or get private information, or whatever, OAuth
> could be used to securely grant bar.com (http://bar.com) authorization to the
> foo resource.
>
> And I wasn't aware of PyPI's OpenID support, but now that I know of it I
> believe I have some ideas for taking advantage of it yes.
>
> On Monday, January 23, 2012 at 7:13 PM, Richard Jones wrote:
>
> > On 24 January 2012 10:47, Donald Stufft <[email protected]
> > (mailto:[email protected])> wrote:
> > > Well I'm interested in PyPI OpenID ;) (or OAuth, either way… OAuth would
> > > be nice in that people could give authorization to specific packages,
> > > and be more comprehensive than just a Login)
> >
> > Could you explain what you mean by "people could give authorization to
> > specific packages"? Do you have a specific use-case in mind? Do you
> > have a site that intends to use PyPI's OpenID?
> >
> > Richard

_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
