[Distutils] Security issue with Distutils register is still actual
jim at zope.com
Wed Nov 3 14:58:48 CET 2010
On Wed, Nov 3, 2010 at 7:35 AM, Tarek Ziadé <ziade.tarek at gmail.com> wrote:
> On Wed, Nov 3, 2010 at 10:47 AM, anatoly techtonik <techtonik at gmail.com> wrote:
>> Does anybody care that PyPI password are stored in a well-known
>> location in cleartext and developers are forced to store them when
>> they submit packages for review?
> We have hundreds of bugs to fix for distutils. If you propose a patch
> + test, things will speed up.
> There are already tests for various register/upload scenarii, so it
> should not be hard to copy-paste one to create your test
While that's usually a reasonable response, this isn't a bug.
This is a case where we need to come up with a better way of doing things.
Someone needs to propose something and folks need to weigh in.
More information about the Distutils-SIG