[Distutils] PyPI Migrated to New Infrastructure with some Breakage
Éric Araujo
merwok at netwok.org
Mon Jan 27 18:29:49 CET 2014
Hello,
Le 26/01/2014 06:03, martin at v.loewis.de a écrit :
> There is one usecase that still isn't addressed by any of the alternatives:
> Automated uploads still require the password to be stored on disk. So if
> the laptop is stolen, the password may get stolen as well.
>
> With SSH upload, the authentication comes from the ssh-agent, which
> protects the credentials better (i.e. if the laptop is powered-down, or
> requires the user to enter a password on access, the key is protected).
>
> It has been suggested to resolve this using the keyring library (which
> would give the same protection to the password as ssh-agent to the private
> key) [...]
distutils can’t depend on keyring, but twine could.
Regards
More information about the Distutils-SIG
mailing list