Mike Fiedler, Code GardenerOct 14

Does your org run a self-managed version of GitLab and publish your own #Python packages to @pypi ?

If you want to try out an alpha of Trusted Publishing for GitLab Self-Managed instances, let me know via DM - I'm collecting interest now, and should have something to show soon.

Show threadSeth LarsonOct 14
@miketheman @pypi cc @vagrantc maybe the Reproducible Builds folks are interested in this? :)
Show threadmeejah
@sethmlarson @miketheman @pypi @vagrantc I'm interested in (once again) publishing my own signed packages on PyPI -- does this happen to help there?
Oct 14 at 4:07pmWeb
Show threadMike Fiedler, Code GardenerOct 14

@meejah @sethmlarson

The overall concepts are detailed here: https://docs.pypi.org/trusted-publishers/

TL,DR: using OIDC to generate short-lived access tokens to publish from known publishers, instead of holding on to long-lived API Tokens

Getting Started - PyPI Docs