Python Starter Kit: Trusted publishing #167

Open
@ingyhere

Description

Checked for duplicates

Yes - I've already checked

Best Practice Guide Category

Software Lifecycle

Best practice guide URL

Python Starter Kit

Describe the improvement

Python Package Index (PyPI) publishing has transitioned to Trusted Publishing in an implementation step en route to PEP 740 adoption. This ticket is to implement Trusted Publishing (TP).

What does TP provide? It guarantees the provenance of software published from your organization. When that provenance is validated, the details and package origins of your published software are "verified" rather than reported as "unverified" in the package index.

Moreover, the publishing process has changes to isolate the actual delivery to package indices with the option for different signature validation and publishing keys, depending on the target index.

Metadata

Labels

  • high complexity: Ticket has multiple difficult sub-tasks
  • release update: Mid-cycle update to released product to provide further functionality, features or clarification
  • software lifecycle: Process improvements involving developing, testing, integrating, deploying software

Projects

  • Status

    🏗 In Progress
