Open vadave opened 2 years ago
And to be clear - I was viewing this a bit differently than what's currently mentioned in the fundables page, as that's talking about what sounds like a major refactoring with possible integrations to different credential providers. I'd be happy keeping that functionality "outside" of pip, and simply exposing some mechanism where JWT/x509-type credentials can be configured for different hosts.
Would this draft PEP address this issue? https://github.com/python/peps/pull/3172/files#diff-02ff357bfc90c25924796075c23d3704348f88e272c9ab37b30956bd3c8ad109
One possible area for funding that seems like it should be a no-brainer is adding support to pip for JSON Web Token (JWT) and x509 client certificate-based authentication. Many organizations use private package repositories, and the current limitation of basic-auth-based credentials is a bit of a downer.
This could have the added benefit of integrating nicely with CI systems like GitHub Actions and GitLab CI, both of which generate JWTs for each job.