After doing some research tonight on storing/accessing passwords in the OSX Keychain (http://asktherelic.com/2013/03/07/storing-command-line-passwords-in-keychain/), I was curious why the .pypirc doesn't support something like this when asking for the password during 'upload', to not have your pypi password in plaintext on your system.
As far as I can see from the source, the password is read straight from the .pypirc config: https://bitbucket.org/tarek/distribute/src/188dcdb7f0873f1b382e8bde65377c5f43266f9f/setuptools/command/upload.py?at=default#cl-66 and fails if the password value doesn't exist: https://bitbucket.org/tarek/distribute/issue/291/allow-password-to-be-omitted-from-pypirc I'm curious about implementing: 1. a password_command to support integration with external password tools (1password, keychain, keyring python lib) The implementation from the program I am trying to emulate, pianobar, is here: https://github.com/PromyLOPh/pianobar/blob/master/src/main.c#L135 just a /bin/sh for nix/osx. Could run cmd.exe for windows cross-platform compatibility. 2. better notification to the user about trying to upload with an empty password or using get_pass if empty password The only other reference to something like this is from several years ago here: http://bugs.python.org/issue4394 Does this seem like it's worth making a patch for? -- Matt Behrens
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
