Remove NETRC Usage #9
Comments
|
@btimby can this be removed? |
|
It exists only because I use .netrc instead putting passwords onto command lines (those are globally viewable on your system via /proc and other means). It was included as a choice for users so they could (somewhat) securely store credentials. At the end of the day, I don't really care that much, since the API is used as a library, they can select their own credential management. @Ryanb58: DEPRECATED. |
|
BTW, would love a link showing it is DEPRECATED. I come up blank. |
|
Let me give a bit more information about .netrc. .netrc is just a place to put network credentials. (Almost?) All unix network clients and many libraries support it. FTP is one (wget, curl, python-requests, rsync, blah, blah, blah). Think of using a python script in combination with wget against our API. Put your credentials in .netrc and both just work without having to expose the credentials vi /proc. You are right that .netrc is ancient, but AFAIK, .netrc is NOT deprecated and is very widely used. The netrc module imports fine in python3, no warnings etc. For me it is non-issue, the support of .netrc promotes good practice, but it was never mandatory and is ignored when not used (which is the common pattern, and maybe why you don't know about it). For example, SSH supports a similar scheme for storing per-server credentials (SSH credentials are more complex than name/password pairs) in $HOME/.ssh/config. It is good practice to keep such things off the command line. |
|
In this case I retract my previous statement. I assumed it was basically disappeared but I had no idea it had so many use cases (I may start using it actually). |
|
You should :-). |
It appears that this client allows for us to pass in an NETRC file. NETRC is deprecated. Please remove this.
i.e.
https://github.com/smartfile/client-python/blame/04ff2ce406d98f3a299ab956c476ba27feae8956/smartfile/__init__.py#L135
The text was updated successfully, but these errors were encountered: