Éric Araujo added the comment:

The general idea is absolutely right: using proper keyrings (or ssh) is an 
excellent thing for security and ease of use.  A big obstacle however is the 
rules for stdlib inclusion: a module such as keyring which is tied to specific 
applications/libs/file formats and may need a short release cycle to adapt for 
changes in the programs.  So while I think keyring is a great library, I fear 
it does not fit the criteria for stdlib inclusion.

The workaround is to enter your password each time you upload and never store 
it.  This isn’t great.

What if there was an option specifying a program to call to get the password?  
That way one could use clvault (command-line interface to python-keyring), 
maybe ssh-askpass, keepass, etc., but we wouldn’t have code subject to 
obsolescence in the stdlib.  It would not be as nice as seamless password 
retrieval, and it would not be 100% secure (password is still in memory), but 
it would solve the storage problem.  What do you think?

[FYI the distutils2 project is stopped.  I don’t have the time right now to go 
into details again, and there isn’t a single link I can give that explains 
things well.]

----------
components: +Distutils -Distutils2
versions: +Python 3.4

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue17096>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to