[Distutils] Add optional password_command .pypirc value
Matt Behrens
askedrelic at gmail.com
Fri Mar 8 17:08:47 CET 2013
After doing some research last night on storing/accessing passwords in the OSX Keychain (http://asktherelic.com/2013/03/07/storing-command-line-passwords-in-keychain/), I was curious why the .pypirc doesn't support something like this when asking for the password during 'upload', to not have your pypi password in plaintext on your system.
As far as I can see from the source, the password is read straight from the .pypirc config:
https://bitbucket.org/tarek/distribute/src/188dcdb7f0873f1b382e8bde65377c5f43266f9f/setuptools/command/upload.py?at=default#cl-66
and fails if the password value doesn't exist:
https://bitbucket.org/tarek/distribute/issue/291/allow-password-to-be-omitted-from-pypirc
I'm curious about implementing:
1. a password_command to support integration with external password tools (1password, keychain, keyring python lib)
The implementation from the program I am trying to emulate, pianobar, is here: https://github.com/PromyLOPh/pianobar/blob/master/src/main.c#L135 just a /bin/sh for nix/osx. Could run cmd.exe for windows cross-platform compatibility.
2. better notification to the user about trying to upload with an empty password or using get_pass if empty password
The only other reference to something like this is from several years ago here: http://bugs.python.org/issue4394
Does this seem like it's worth making a patch?
--
Matt Behrens
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130308/3982c5bd/attachment.html>
More information about the Distutils-SIG
mailing list