←back to thread

PyPI now supports digital attestations

(blog.pypi.org)
218 points miketheman | 1 comments | 14 Nov 24 14:25 UTC | HN request time: 0.211s | source
Show context
cpburns2009 ◴[14 Nov 24 15:40 UTC] No.42137278[source]
Great, now how do you use attestations with Twine when publishing packages on PyPI outside of the Github ecosystem?
replies(2): >>42138625 #>>42140707 #
1. hifromwork ◴[14 Nov 24 17:27 UTC] No.42138625[source]
You need to rely on one of the four trusted publishers. You can't do it yourself: https://docs.pypi.org/trusted-publishers/adding-a-publisher/