27 Jan
2014
27 Jan
'14
5:29 p.m.
Hello, Le 26/01/2014 06:03, martin@v.loewis.de a écrit :
There is one usecase that still isn't addressed by any of the alternatives: Automated uploads still require the password to be stored on disk. So if the laptop is stolen, the password may get stolen as well.
With SSH upload, the authentication comes from the ssh-agent, which protects the credentials better (i.e. if the laptop is powered-down, or requires the user to enter a password on access, the key is protected).
It has been suggested to resolve this using the keyring library (which would give the same protection to the password as ssh-agent to the private key) [...]
distutils can’t depend on keyring, but twine could. Regards