On Sat, Mar 9, 2013 at 4:25 PM, Lennart Regebro wrote:
> On Fri, Mar 8, 2013 at 6:57 PM, Donald Stufft wrote:
>> HTTP has a token that is functionally similar to SSH keys. Client side SSL
>> certificates. They would function fine and enable similar uses as SSH keys.
>
> Every time I've used that
On Fri, Mar 8, 2013 at 6:57 PM, Donald Stufft wrote:
> If you're uploading via SSH you'll open a SSH tunnel and then POST to PyPI
> over that tunnel.
You are not required to use HTTP, there are several other protocols
you can use such as SCP of SFTP. Not that I think it matters which
protocol we
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/08/2013 12:57 PM, Donald Stufft wrote:
> If you're uploading via SSH you'll open a SSH tunnel and then POST to
> PyPI over that tunnel.
That isn't a hard requirment. The PyPI software could add a command-line
script used for uploads which depen
On Fri, Mar 08, 2013 at 12:57:54PM -0500, Donald Stufft wrote:
> On Mar 8, 2013, at 12:47 PM, Lennart Regebro wrote:
>
> > On Fri, Mar 8, 2013 at 6:01 PM, Donald Stufft wrote:
> >> I dislike hijacking SSH to tunnel a HTTP protocol over
> >
> > I'm not sure we have to hijack or tunnel anything.
On Mar 8, 2013, at 12:47 PM, Lennart Regebro wrote:
> On Fri, Mar 8, 2013 at 6:01 PM, Donald Stufft wrote:
>> I dislike hijacking SSH to tunnel a HTTP protocol over
>
> I'm not sure we have to hijack or tunnel anything. :-)
If you're uploading via SSH you'll open a SSH tunnel and then POST to
On Fri, Mar 8, 2013 at 6:01 PM, Donald Stufft wrote:
> I dislike hijacking SSH to tunnel a HTTP protocol over
I'm not sure we have to hijack or tunnel anything. :-)
> and adding more reliance on SSH keys means a lost SSH key becomes _even_
> worse than it already is.
I don't follow that argume
On Mar 8, 2013, at 11:32 AM, Lennart Regebro wrote:
> On Fri, Mar 8, 2013 at 5:08 PM, Matt Behrens wrote:
>> Does this seem like it's worth making a patch?
>
> Personally I think it's better to the the ssh way and support
> uploading via ssh with uploaded ssh keys, and deprecate the password
>
On Fri, Mar 8, 2013 at 5:08 PM, Matt Behrens wrote:
> Does this seem like it's worth making a patch?
Personally I think it's better to the the ssh way and support
uploading via ssh with uploaded ssh keys, and deprecate the password
support for uploading. That way there is no problems with integra
After doing some research last night on storing/accessing passwords in the OSX
Keychain
(http://asktherelic.com/2013/03/07/storing-command-line-passwords-in-keychain/),
I was curious why the .pypirc doesn't support something like this when asking
for the password during 'upload', to not have yo