The twine package in Python is used to upload stuff to PyPI using HTTPS.
I am already using Python 2.7.9, and the twine readme says, 'only recently Python 2.7.9 stopped using HTTP.'
Does it mean that when I do python setup.py upload, the connection is already secure? If the answer is yes, does twine offer any additional security advantage for uploading?
$ python --version
Python 2.7.10
$ cat /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/config.py
class PyPIRCCommand(Command):
    """Base command that knows how to handle the .pypirc file
    """
    DEFAULT_REPOSITORY = 'https://pypi.python.org/pypi'
$ cat /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/command/upload.py
repository = self.repository or self.DEFAULT_REPOSITORY
...
request = Request(self.repository, data=body, headers=headers)
So I guess that's true, distutils really uses HTTPS now.
But twine also allows you to sign your packages before upload with a GPG key.
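An added example (not part of the original answer, and not distutils or twine code): the upload.py line quoted above uses self.repository when one is configured, so HTTPS is only the default. This Python 3 check reads a .pypirc, applies the same fallback, and lists the servers whose upload URL is not HTTPS. The function names and the sample file are constructed for illustration; the [distutils]/index-servers and older [server-login] layouts are the ones distutils reads.

```python
# Added example (Python 3); function names and sample data are assumptions.
import configparser
from urllib.parse import urlsplit

# Default copied from the distutils excerpt quoted in the answer.
DEFAULT_REPOSITORY = "https://pypi.python.org/pypi"


def effective_repositories(pypirc_text):
    """Map each configured server to the URL an upload would use:
    the configured repository, or the default when none is set."""
    cfg = configparser.RawConfigParser()
    cfg.read_string(pypirc_text)
    repos = {}
    if cfg.has_section("distutils"):
        raw = cfg.get("distutils", "index-servers", fallback="")
        for name in (s.strip() for s in raw.split("\n")):
            if name and cfg.has_section(name):
                url = cfg.get(name, "repository", fallback="")
                repos[name] = url or DEFAULT_REPOSITORY
    elif cfg.has_section("server-login"):
        # Older single-server layout.
        url = cfg.get("server-login", "repository", fallback="")
        repos["server-login"] = url or DEFAULT_REPOSITORY
    return repos


def insecure_repositories(pypirc_text):
    """Sorted names of servers whose upload URL scheme is not https."""
    repos = effective_repositories(pypirc_text)
    return sorted(n for n, u in repos.items()
                  if urlsplit(u).scheme.lower() != "https")


# Constructed sample .pypirc: one server on the default, one on plain HTTP.
SAMPLE_PYPIRC = """\
[distutils]
index-servers =
    pypi
    internal

[pypi]
username = alice

[internal]
repository = http://pypi.internal.example/
username = alice
"""

if __name__ == "__main__":
    bad = insecure_repositories(SAMPLE_PYPIRC)
    for name, url in sorted(effective_repositories(SAMPLE_PYPIRC).items()):
        print(name, url, "NOT HTTPS" if name in bad else "ok")
```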