On Mar 7, 2013, at 11:40 PM, Matt Behrens <askedre...@gmail.com> wrote:

> After doing some research tonight on storing/accessing passwords in the OSX 
> Keychain 
> (http://asktherelic.com/2013/03/07/storing-command-line-passwords-in-keychain/),
> I was curious why the .pypirc doesn't support something like this when 
> asking for the password during 'upload', to not have your pypi password in 
> plaintext on your system.
> 
> As far as I can see from the source, the password is read straight from the 
> .pypirc config:
> 
> https://bitbucket.org/tarek/distribute/src/188dcdb7f0873f1b382e8bde65377c5f43266f9f/setuptools/command/upload.py?at=default#cl-66
> 
> and fails if the password value doesn't exist:
> 
> https://bitbucket.org/tarek/distribute/issue/291/allow-password-to-be-omitted-from-pypirc
> 
> I'm curious about implementing:
> 
> 1. a password_command to support integration with external password tools 
> (1password, keychain, keyring python lib)
> 
> The implementation from the program I am trying to emulate, pianobar, is 
> here: https://github.com/PromyLOPh/pianobar/blob/master/src/main.c#L135 just a 
> /bin/sh for nix/osx. Could run cmd.exe for windows cross-platform 
> compatibility.
>  
> 2. better notification to the user about trying to upload with an empty 
> password or using get_pass if empty password
> 
> The only other reference to something like this is from several years ago 
> here: http://bugs.python.org/issue4394
> 
> Does this seem like it's worth making a patch for?

Secure password storage is always worth working on :).

Have you heard of the Keyring module? <https://pypi.python.org/pypi/keyring/>  
It already supports a cross-platform interface to this sort of thing, including 
the OS X keychain.

-glyph

_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig
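
The lookup order discussed in this thread, as an added example that is not code from either message or from distribute/setuptools. It assumes a hypothetical `password_command` key in `.pypirc` (the option proposed above, not an existing one) and a hypothetical function name `resolve_password`; unlike the `/bin/sh` approach mentioned above, it runs the helper as an argv list without a shell.

```python
import configparser
import getpass
import shlex
import subprocess

try:
    import keyring  # third-party module mentioned in the reply; optional here
except ImportError:
    keyring = None


def resolve_password(pypirc_path, repository="pypi", prompt=getpass.getpass):
    """Return (password, source) for one section of a .pypirc file."""
    cfg = configparser.RawConfigParser()
    cfg.read(pypirc_path)
    if not cfg.has_section(repository):
        raise KeyError("no [%s] section in %s" % (repository, pypirc_path))
    username = cfg.get(repository, "username", fallback="")
    service = cfg.get(repository, "repository", fallback=repository)

    # 1. password_command (hypothetical key): run a helper, read its stdout.
    command = cfg.get(repository, "password_command", fallback="").strip()
    if command:
        # argv list, no shell: metacharacters in the config are not interpreted.
        out = subprocess.run(shlex.split(command), stdout=subprocess.PIPE,
                             stderr=subprocess.DEVNULL, timeout=30, check=True)
        secret = out.stdout.decode("utf-8").rstrip("\r\n")
        if not secret:
            raise ValueError("password_command produced no output")
        return secret, "password_command"

    # 2. Plaintext password key, the existing behaviour.
    plaintext = cfg.get(repository, "password", fallback="")
    if plaintext:
        return plaintext, "plaintext"

    # 3. OS credential store through keyring, keyed by repository and username.
    if keyring is not None and username:
        secret = keyring.get_password(service, username)
        if secret:
            return secret, "keyring"

    # 4. Interactive prompt; an empty answer is an error, not an empty upload.
    secret = prompt("Password for %s: " % service)
    if not secret:
        raise ValueError("empty password, refusing to continue")
    return secret, "prompt"
```

The returned source label lets a caller warn when the value came from the plaintext key.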
