2010/11/3 Jim Fulton <[email protected]>: > On Wed, Nov 3, 2010 at 3:56 PM, anatoly techtonik <[email protected]> wrote: >> On Wed, Nov 3, 2010 at 4:07 PM, Tarek Ziadé <[email protected]> wrote: >>>> I should have looked more carefully at the issue. The refusal to >>>> use a password without storing it *is* a fairly narrow bug. >>> >>> Yes this is a bug. the password should be reused by upload. There's >>> code for this but it seems to fails >> >> Fix landed. >> http://bugs.python.org/issue9995 >> >>>>> This is a case where we need to come up with a better way of doing things. >>>>> Someone needs to propose something and folks need to weigh in. >>>> >>>> I would love to see a solution to the broader problem. >>>> >>>> I really don't want to have to enter a password every time I >>>> upload a package. >>> >>> me neither :) >> >> Does anybody know where is documentation on supported authentication in PyPI? >> >>>> I guess a good solution would be to integrate with existing >>>> password-management tools. This could be prototyped as an >>>> a separate upload tool. >>> >>> I have mentored a project in GSOC last year exactly for this case: >>> keyring (avialable at PyPI) >>> >>> It is already successfully used in Mercurial (mercurial-keyring) that >>> suffers the same problem when doing http/https >>> >>> The next step was to integrate keyring in distutils/upload but was not >>> done yet due to a lack of time. >> >> Network protection is still weak. The password is sent nearly in cleartext. > > Right, we'd want to use https as well. Presumably, that's the easy part.
+1. > Jim > > -- > Jim Fulton > -- Tarek Ziadé | http://ziade.org _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
