Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate with Twine for increased PyPI account security #1

Open
justinmayer opened this issue Sep 27, 2013 · 1 comment
Open

Integrate with Twine for increased PyPI account security #1

justinmayer opened this issue Sep 27, 2013 · 1 comment
Assignees
@noirbizarre
Labels
enhancement
Milestone
0.5

Comments

@justinmayer
Copy link

Why it would benefit Bumpr:

The biggest reason to use twine is that python setup.py upload uploads files over plaintext. This means anytime you use it you expose your username and password to a MITM attack. Twine uses only verified TLS to upload to PyPI protecting your credentials from theft.

Secondly it allows you to precreate your distribution files. python setup.py upload only allows you to upload something that you've created in the same command invocation. This means that you cannot test the exact file you're going to upload to PyPI to ensure that it works before uploading it.

Finally it allows you to pre-sign your files and pass the .asc files into the command line invocation (twine upload twine-1.0.1.tar.gz twine-1.0.1.tar.gz.asc). This enables you to be assured that you're typing your gpg passphrase into gpg itself and not anything else since you will be the one directly executing gpg --detach-sign -a <filename>.

Link:

https://pypi.python.org/pypi/twine/
@noirbizarre
Copy link
Owner

I will look into that.

I'm doing a little bit of refactoring on bumpr (it was a first release) and will include it if possible.

@noirbizarre noirbizarre added this to the 0.3.0 milestone Nov 21, 2015
@noirbizarre noirbizarre modified the milestones: 1.0.0, 0.3.0 Jan 8, 2017
@noirbizarre noirbizarre self-assigned this Jan 8, 2017
@noirbizarre noirbizarre modified the milestones: 1.0, 0.5 Dec 4, 2021
bolinocroustibat added a commit to bolinocroustibat/bumpr that referenced this issue Nov 14, 2024
@bolinocroustibat
chore: rename to bumpx and fix pre-commit (noirbizarre#1)
96d1eb1 
* docs: rename bump'r to bump'x

* fix: fix pre-commit

* fix: fix pre-commit

* fix: fix pre-commit

* docs: remove bumpr docs for now
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@noirbizarre noirbizarre

Labels
enhancement
Projects
None yet
Milestone
0.5
Development

No branches or pull requests
2 participants
@noirbizarre @justinmayer