Is your feature request related to a problem? Please describe.
From https://docs.pypi.org/trusted-publishers/:
This confers significant usability and security advantages when compared to PyPI's traditional authentication methods:
Usability: with trusted publishing, users no longer need to manually create API tokens on PyPI and copy-paste them into their CI provider. The only manual step is configuring the publisher on PyPI.
Security: PyPI's normal API tokens are long-lived, meaning that an attacker who compromises a package's release token can use it until its legitimate user notices and manually revokes it. Trusted publishing avoids this problem because the tokens minted expire automatically.
Describe the solution you'd like
I would like to propose using a trusted publishing implementation for PyPI releases. See here
Describe alternatives you've considered
None
Additional context
None