Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Alternative authentication methods in packaging tools #35

Open
xmunoz opened this issue Apr 26, 2021 · 0 comments
Open

Alternative authentication methods in packaging tools #35

xmunoz opened this issue Apr 26, 2021 · 0 comments
Labels
enhancement New feature or request security

Comments

@xmunoz
Copy link
Member

xmunoz commented Apr 26, 2021

Python packaging tools that interact with package indexes, such as pip (pypa/pip#4475) and twine (pypa/twine#362), currently only have simple authentication support to secure private sources, such as basic access authentication. Open source tool maintainers acknowledge that, when using third-party indices, sometimes organisational policies require stronger authentication methods, such as single sign-on. We believe it’s beneficial to develop a pluggable Python library that can be depended by the packaging tools to provide additional authentication methods. But we lack both the use case and domain knowledge in the area. We are looking for funding and expertise support from organisations.

We are interested in developing a shared interface and implementation for various alternative authentication methods. Support can be developed for both tools (and maybe more), so organisations can choose to install them to be able to use e.g. Kerberos to secure their private package indexes. The work involved would include development, research, project management, and technical writing work towards the following tasks:

  • Survey various authentication methods, and how they can be implemented as a pluggable library.
  • Develop an interface that tools (e.g. pip) can implement to detect authentication method support, and call into the library that provides it.
  • Develop and maintain libraries that implement the various auth methods for users to install when support is needed.
@xmunoz xmunoz added enhancement New feature or request security labels Apr 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request security
Projects
None yet
Development

No branches or pull requests

1 participant