meshy / pythonwheels

Adoption analysis of Python Wheels: https://pythonwheels.com/
BSD 2-Clause "Simplified" License

page recommends use of “python setup.py upload” #111

Closed Lx closed 5 years ago

Lx commented 5 years ago

From the Python Wheels homepage:

…and when you'd normally run python setup.py sdist upload, run instead python setup.py sdist bdist_wheel upload.

This is a security risk according to the Python Packaging User Guide:

Warning: In other resources you may encounter references to using python setup.py register and python setup.py upload. These methods of registering and uploading a package are strongly discouraged as it may use a plaintext HTTP or unverified HTTPS connection on some Python versions, allowing your username and password to be intercepted during transmission.

and may therefore warrant at least a mention that the use of something else is encouraged.
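A check for the commands the quoted warning names, as an added example that is not part of the issue thread or the pythonwheels project: it flags lines of a script or documentation page that invoke `setup.py` with `register` or `upload`. The function names and sample lines are assumptions made for illustration; `twine`, which the thread does not mention, appears only as a constructed negative case. Matching is a per-line heuristic meant to queue lines for review.

```python
import re

# Subcommands named in the Python Packaging User Guide warning quoted above.
DISCOURAGED = ("register", "upload")

# "python", "python3", "python3.11" ... followed by a path ending in setup.py,
# then the argument tail up to a shell separator, comment or end of line.
SETUP_PY_CALL = re.compile(r"\bpython[\d.]*\s+\S*setup\.py\b([^;&|#\n]*)")


def discouraged_subcommands(line):
    """Return the discouraged setup.py subcommands invoked on one line of text."""
    found = []
    for tail in SETUP_PY_CALL.findall(line):
        for word in tail.split():
            # Drop prose punctuation so "upload." or "upload," still matches.
            word = word.strip(".,:;`'\"()")
            if word in DISCOURAGED and word not in found:
                found.append(word)
    return found


def scan(text):
    """Return (line_number, subcommands, line) for every flagged line."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        subcommands = discouraged_subcommands(line)
        if subcommands:
            hits.append((number, subcommands, line.strip()))
    return hits


# Constructed sample: release-script lines plus the end of the homepage
# sentence quoted in the issue. Line 3 must not be flagged, because the
# "upload" there belongs to a different command after "&&".
SAMPLE = """\
python setup.py sdist bdist_wheel
python3 setup.py register
python setup.py sdist && twine upload dist/*
run instead python setup.py sdist bdist_wheel upload.
"""

if __name__ == "__main__":
    for number, subcommands, line in scan(SAMPLE):
        print(f"line {number}: {', '.join(subcommands)} -> {line}")
```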

ghickman commented 5 years ago

@Lx – thanks for raising this!

Would you consider a PR to reword this section? @meshy and I are, unfortunately, tied up this week and unable to look into it.

Lx commented 5 years ago

Sorry, but I'm not knowledgeable enough on Python packaging at this point to do so comfortably. I hope this/next week is a little less hectic for you!