Make keyring usage opt-in #9434
Conversation
|
I would need help adding the user-facing knobs for this. As far as I can tell, the only |
|
I would also need help fixing the tests that monkeypatch the keyring >_>' |
|
FWIW, lazy importing should be unnecessary with recent versions of keyring (>= 21.6), as it now initialises itself lazily. Of course, there's no particular harm in having another lazy layer, but it won't make the big difference it did with earlier versions of keyring. |
|
For the user-facing knob, you'll want to define an option in the See how any |
Per the discussion in pypa#8719 (keyring support should be opt-in) > [...] defer importing keyring at all until we confirm the opt-in > pypa#8719 (comment)
Kept it enabled by default, so as not to break tests.
Instead, we can inherit from `MultiDomainBasicAuth` and override the `get_keyring` class method.
nbraud
force-pushed
the
keyring/opt-in
branch
2 times, most recently
from
b901782
to
58f6136
Compare
|
Hello! I am an automated bot and I have noticed that this pull request is not currently able to be merged. If you are able to either merge the |
|
@nbraud Are you still interested in moving this forward? This PR is still a draft (which is used to "clearly tag when you're coding a work in progress"), so I don't think anyone has actually reviewed it yet. OTOH, this is also significantly out of date, and needs updating to deal with the fact that pip's codebase and CI infrastructure has changed since this PR was filed. |
|
Closing this out given the lack of activity. |
|
Also this is covered by #8719 |
keyringlazyauth.MultiDomainBasicAuthandsession.PipSessionto disable keyring usage.