Hello,
Le 26/01/2014 06:03, mar...@v.loewis.de a écrit :
There is one usecase that still isn't addressed by any of the alternatives:
Automated uploads still require the password to be stored on disk. So if
the laptop is stolen, the password may get stolen as well.
With SSH upload, the authentication comes from the ssh-agent, which
protects the credentials better (i.e. if the laptop is powered-down, or
requires the user to enter a password on access, the key is protected).
It has been suggested to resolve this using the keyring library (which
would give the same protection to the password as ssh-agent to the private
key) [...]
distutils can’t depend on keyring, but twine could.
Regards
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
