Mention that twine prompts you for credentials when omitted

[felipedau]

Suppose you have something like this in ~/.pypirc:

[distutils]
index-servers =
    pypi
    pypitest

[pypi]
repository: https://pypi.python.org/pypi

[pypitest]
repository: https://testpypi.python.org/pypi

I am not sure if this is an "intended feature" because if you call the usual python setup.py upload with username and password omitted like that, you get an error:

...
File "/usr/lib/python2.7/distutils/config.py", line 76, in _read_pypirc
current['username'] = config.get(server, 'username')
File "/usr/lib/python2.7/ConfigParser.py", line 618, in get
raise NoOptionError(option, section)
ConfigParser.NoOptionError: No option 'username' in section: 'pypi'

However, when calling twine upload it conveniently asks you for the credentials!

I just opened this issue because I think this feature should be mentioned on the README (the only documentation I could find) for people that do not like to store plaintext passwords on disk.

Thanks!

[sigmavirus24]

I just opened this issue because I think this feature should be mentioned on the README (the only documentation I could find) for people that do not like to store plaintext passwords on disk.

You also could have sent a PR with that information 😄

Feel free to do so anyway. We're all counting on you. 😛

[felipedau]

You also could have sent a PR with that information 😄

It's been a while since I opened the issue and I do not remember exactly why I didn't send a PR, but I assume that, as I said, I am not sure if this is an "intended feature" because there is a case where the credentials are prompted (probably if you explicitly say you want to), but not sure for this one, which might end up being handled by the same feature; unintended. I might be totally wrong.

Also, I really like this feature, but there could be someone that says that you are not following the official specification of that file, where you must have username and password (python setup.py upload crashes if omitted). Do you think that would be a problem?

Feel free to do so anyway. We're all counting on you. 😛

I will do that then :) By the way, what are your plans for #11? Is it okay if I added the current documentation from the README to the docs directory so that we start building a real one for https://twine.readthedocs.org?

[sigmavirus24]

Please don't do that in the same pull request. If you want to work on #11 that should be a separate pull request. Given the timeline for Warehouse, I don't think twine will be around much longer.

[felipedau]

Please don't do that in the same pull request. If you want to work on #11 that should be a separate pull request.

Absolutely.

Given the timeline for Warehouse, I don't think twine will be around much longer.

Oh, got it.

[annaraven]

It's June. Should we mention this in the docs? While we're waiting for Warehouse and Twine/Pip integration?

[felipedau]

It's June. Should we mention this in the docs? While we're waiting for Warehouse and Twine/Pip integration?

Sorry, I totally forgot about this. Is there a schedule for the integration?

[jaraco]

If you make changes in this regard, please consider also mentioning the feature added in #208 where it won't prompt for credentials if it finds them in a (secure) keyring.

[brainwane]

I'm a newish Twine maintainer. Thanks for the suggestion for improvement!

A status update:

Warehouse, the codebase behind the new PyPI, is available as a pre-production site at https://pypi.org, we're making steady progress on the developer roadmap thanks to funding from Mozilla's Open Source Support Program, and it's on its way to replacing the legacy PyPI site this year. We're currently seeking feedback from package maintainers, including via several IRC livechats/office hours this week, about what does or doesn't work for you in the new interface, and in the next few weeks we'll be doing so with the wider Python developer community.

I'm working on releasing Twine 1.10.0 in the next few days.

In #154 people are discussing the long-term vision for Twine, which is definitely up in the air, but clearly Twine has stuck around for several years and it's not about to disappear in the next few weeks or months.

We've improved Twine user (and developer) documentation a lot in the past couple months -- see http://twine.readthedocs.io/ (@felipedau, as you suggested, I included the README in the Read the Docs index page). And the Python Packaging User Guide has a lot more material than it used to about .pypirc files -- see https://packaging.python.org/tutorials/distributing-packages/?highlight=pypirc , https://packaging.python.org/guides/migrating-to-pypi-org/?highlight=pypirc , and https://packaging.python.org/guides/using-testpypi/?highlight=pypirc .

I think documenting Twine's behavior and .pypirc is worthwhile, and would welcome pull requests! And #277 is where we are specifically figuring out what documentation to add about keyring usage, which figures into pypa/packaging.python.org#297 . I want to both make sure that we have, or link to, comprehensive .pypirc guidance, AND encourage folks to use keyring instead.

[brainwane]

@felipedau with #323 merged, I think we have a good template for documentation for this topic. Would you be interested in submitting a PR?

[felipedau]

Hi @brainwane! I'm really sorry for taking such a long time to get back to you. I hope that #340 is close to what you had in mind.

Thank you very much for your work and everyone's who is also involved in this project backed by Mozilla Open Source Program. It's a huge benefit to the Python community!

[jaraco]

The docs say "twine will automatically prompt you for username or password". That seems satisfactory for now. Thanks felipedau for the attempted PR on this issue, but I think the system is now WAI. Feel free to re-engage the effort if you find the behavior is still surprising.