Open
Description
Checked for duplicates
Yes - I've already checked
Best Practice Guide Category
Software Lifecycle
Best practice guide URL
Describe the improvement
Python Package Index (PyPI) publishing has transitioned to Trusted Publishing in an implementation step en route to PEP 740 adoption. This ticket is to implement Trusted Publishing (TP).
What does TP provide? It guarantees the provenance of software published from your organization. When that provenance is validated, the details and package origins of your published software are "verified" rather than reported as "unverified" in the package index.
Moreover, the publishing process has changes to isolate the actual delivery to package indices with the option for different signature validation and publishing keys, depending on the target index.
Status
🏗 In Progress
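
The separation the ticket describes, shown as a GitHub Actions release workflow. This is an added example, not taken from the issue or from the project's own pipeline: the build job holds no publishing rights, and each target index gets its own job, environment and short-lived OIDC identity. The use of GitHub Actions, the workflow and job names, the environment names (`testpypi`, `pypi`) and the tag trigger are assumptions.

```yaml
# Added example, not the project's workflow. Job and environment names are assumptions.
name: release
on:
  push:
    tags: ["v*"]
permissions:
  contents: read            # workflow default: no job gets an OIDC token unless it asks
jobs:
  build:                    # builds the artifacts; cannot publish anything
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
  publish-testpypi:         # delivery to the first index, isolated from the build
    needs: build
    runs-on: ubuntu-latest
    environment: testpypi   # must match the environment named in the index's trusted publisher entry
    permissions:
      id-token: write       # lets this job mint the OIDC token exchanged for a short-lived upload token
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/
  publish-pypi:             # separate identity and approval gate for the production index
    needs: publish-testpypi
    runs-on: ubuntu-latest
    environment: pypi       # protection rules (required reviewers) can be attached here
    permissions:
      id-token: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      # No password or API token input: the action authenticates with the OIDC identity above.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

Each index accepts the upload only after a trusted publisher has been registered there for this repository, workflow file and environment, so no long-lived API token is stored in repository secrets.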