[issue33875] Allow dynamic password evaluation in pypirc configuration file.

2021-02-03 Thread Steve Dower


Steve Dower  added the comment:

Distutils is now deprecated (see PEP 632) and all tagged issues are being 
closed. From now until removal, only release blocking issues will be considered 
for distutils.

If this issue does not relate to distutils, please remove the component and 
reopen it. If you believe it still requires a fix, most likely the issue should 
be re-reported at https://github.com/pypa/setuptools

--
nosy: +steve.dower
resolution:  -> out of date
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue33875] Allow dynamic password evaluation in pypirc configuration file.

2019-03-18 Thread Rémi Lapeyre

Rémi Lapeyre  added the comment:

I think there might be a need for a new function in the getpass module that 
fetches it from the operating system secure enclave, like KeyChain on OSX.

Currently there is no facility for storing secrets securely; the documentation 
of secrets says:

> Applications should not store passwords in a recoverable format, whether 
> plain text or encrypted.

but as far as I know there is no facility to save a secret when you actually 
need to get it back in plaintext.

--
nosy: +remi.lapeyre




[issue33875] Allow dynamic password evaluation in pypirc configuration file.

2018-06-22 Thread Jakub Wilk


Change by Jakub Wilk :


--
nosy: +jwilk




[issue33875] Allow dynamic password evaluation in pypirc configuration file.

2018-06-20 Thread Ned Deily


Change by Ned Deily :


--
nosy: +ncoghlan




[issue33875] Allow dynamic password evaluation in pypirc configuration file.

2018-06-15 Thread Joel Perras


Change by Joel Perras :


--
keywords: +patch
pull_requests: +7348
stage:  -> patch review




[issue33875] Allow dynamic password evaluation in pypirc configuration file.

2018-06-15 Thread Joel Perras


New submission from Joel Perras :

In its current implementation, a user is required to provide their cleartext 
PyPI password in their .pypirc configuration file for authenticated 
interactions with PyPI servers to succeed. For hopefully obvious reasons, this 
is sub-optimal from a security standpoint.

In some popular utilities (e.g. msmtp), the ability to provide a `passwordeval` 
field is made optional to the user. The value of this field is executed by the 
OS-dependent shell, and the return value is then used as the password.

For example, instead of this:

```
[distutils]
index-servers=
    pypi

[pypi]
username=jperras
password=mygreatpassword
```

we can instead have this:

```
[distutils]
index-servers=
    pypi

[pypi]
username=jperras
passwordeval="gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.pypipwd.gpg"
```

--
components: Distutils
messages: 319699
nosy: dstufft, eric.araujo, jperras
priority: normal
severity: normal
status: open
title: Allow dynamic password evaluation in pypirc configuration file.
type: enhancement
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8
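
A sketch of how a client could resolve the proposed `passwordeval` field, added here as an example; it is not the code from the linked pull request or from distutils. It assumes the password is the first line of the helper's stdout, and it deliberately runs the command without a shell (unlike the proposal's wording) so that shell metacharacters in `.pypirc` stay literal. `resolve_password` and `SAMPLE` are hypothetical names, and the sample config is constructed.

```python
import configparser
import os
import shlex
import subprocess
import sys


def resolve_password(pypirc_text, server="pypi", timeout=30):
    """Return the password for `server`; run `passwordeval` when it is set."""
    cfg = configparser.RawConfigParser()  # Raw: no % interpolation of values
    cfg.read_string(pypirc_text)
    if not cfg.has_option(server, "passwordeval"):
        # Fall back to the existing cleartext field, or None if absent.
        return cfg.get(server, "password", fallback=None)

    argv = shlex.split(cfg.get(server, "passwordeval"))
    # The issue's example quotes the whole command, which shlex returns as a
    # single token; split that token once more to recover the argument list.
    if len(argv) == 1 and any(ch.isspace() for ch in argv[0]):
        argv = shlex.split(argv[0])
    if not argv:
        raise ValueError("passwordeval is empty")
    # No shell is involved, so "~" must be expanded here, and characters such
    # as ";", "|" or "$(...)" in the config value are passed as literal text.
    argv = [os.path.expanduser(arg) for arg in argv]

    result = subprocess.run(argv, stdin=subprocess.DEVNULL,
                            stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                            timeout=timeout)
    if result.returncode != 0:
        # Report only the status; never echo the helper's output into logs.
        raise RuntimeError(f"passwordeval exited with status {result.returncode}")
    lines = result.stdout.decode("utf-8").splitlines()
    if not lines or not lines[0]:
        raise RuntimeError("passwordeval produced no output")
    return lines[0]  # assumption: the password is the first line of stdout


# Constructed sample: the Python interpreter stands in for the gpg helper.
SAMPLE = f"""[distutils]
index-servers=
    pypi

[pypi]
username=jperras
passwordeval="{shlex.quote(sys.executable)} -c 'print(12345)'"
"""

if __name__ == "__main__":
    print(len(resolve_password(SAMPLE)), "characters read from helper")
```

Whoever can write to `.pypirc` chooses the command that runs, so a client adopting this field should treat the file's ownership and permissions as part of its trust boundary.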
