psf / fundable-packaging-improvements

Packaging improvements that could be funded
52 stars 19 forks source link

Section for pluggable auth backend support #7

Closed uranusjr closed 4 years ago

uranusjr commented 4 years ago

Close #5.

What is the current situation/context? Standard packaging tools currently only supports package indexes using basic authentication.

What ought to be fixed, made, or implemented? See pypa/pip#4475 and pypa/twine#362. A shared interface and implementation for various alternative authentication method support can be developed for both tools (and maybe more), so organisations can choose to install them to be able to use e.g. Kerberos to secure their private package indexes.

What kinds of work are necessary to make this happen?

pradyunsg commented 4 years ago

With something like this, we'd also be able to drop the keyring out-of-the-box integration in those tools (at least in pip) in favor of a plugin like this -- which would help usability as well -- and is worth noting here.

xmunoz commented 4 years ago

Can you add these issues into the markdown file?

brainwane commented 4 years ago

I second @xmunoz -- I think you should add the details you shared in the comment on this pull request into the FUNDABLES item itself.

uranusjr commented 4 years ago

I’ve added the content of the PR description as a part of the patch.

uranusjr commented 4 years ago

Thanks! Updated.

brainwane commented 4 years ago

Thanks @uranusjr and thanks reviewers! I have polished wording slightly in 5f62a3a00cb9492a6e52ac8685c008ac741e3c0f .