biocommons / biocommons.example

Template for new biocommons packages, and source of configuration for periodic updates to derived packages

Use trusted publishing for pypi release #39

Open korikuzma opened 5 months ago

korikuzma commented 5 months ago

Is your feature request related to a problem? Please describe.
From https://docs.pypi.org/trusted-publishers/:

This confers significant usability and security advantages when compared to PyPI's traditional authentication methods:

Usability: with trusted publishing, users no longer need to manually create API tokens on PyPI and copy-paste them into their CI provider. The only manual step is configuring the publisher on PyPI.

Security: PyPI's normal API tokens are long-lived, meaning that an attacker who compromises a package's release token can use it until its legitimate user notices and manually revokes it. Trusted publishing avoids this problem because the tokens minted expire automatically.

Describe the solution you'd like
I would like to propose to use a trusted publishing implementation for pypi releases. See here

Describe alternatives you've considered
None

Additional context
None

github-actions[bot] commented 2 months ago

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 7 days.