On Wed, Nov 3, 2010 at 9:58 AM, Jim Fulton <[email protected]> wrote: > On Wed, Nov 3, 2010 at 7:35 AM, Tarek Ziadé <[email protected]> wrote: >> On Wed, Nov 3, 2010 at 10:47 AM, anatoly techtonik <[email protected]> >> wrote: >>> Hello, >>> >>> Does anybody care that PyPI password are stored in a well-known >>> location in cleartext and developers are forced to store them when >>> they submit packages for review? >>> http://bugs.python.org/issue9995 >>> >> >> We have hundreds of bugs to fix for distutils. If you propose a patch >> + test, things will speed up. >> There are already tests for various register/upload scenarii, so it >> should not be hard to copy-paste one to create your test > > While that's usually a reasonable response, this isn't a bug.
I should have looked more carefully at the issue. The refusal to use a password without storing it *is* a fairly narrow bug. > This is a case where we need to come up with a better way of doing things. > Someone needs to propose something and folks need to weigh in. I would love to see a solution to the broader problem. I really don't want to have to enter a password every time I upload a package. I guess a good solution would be to integrate with existing password-management tools. This could be prototyped as an a separate upload tool. JIm -- Jim Fulton _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
