cthoyt
commented
2 weeks ago Thanks @konstin for following up on this. Such a test could also make a specific test when you use --publish-url https://test.pypi.org/legacy/ and there's no credentials but there is something like https://test.pypi.org/legacy/?PACKAGE available - it could say "hey, you might want to use a package-specific publish URL that has the following form where ?PACKAGE is your package`.
Should uv go even further to guess the right publish URL in keyring based on the current package name? Can uv publish even introspect on that metadata?
See https://github.com/astral-sh/uv/issues/7963#issuecomment-2453558043: We should warn in this case that the keyring didn't return any password, since using the keyring with publishing only makes sense if it has a password for the publish URL