We should switch to Trusted Publishing for our releases. Trusted publishing replaces a persistent secret that can leak with a cryptographically scoped, ephemeral token that requires zero maintenance.
However, only a project owner on PyPI can do that and it seems that Syrus is currently the sole owner.
Pinging @syrusakbary - can you make the switch or increase the bus factor by adding me as owner (I'm only registered as maintainer, but that is not sufficient to make the switch)?
We should switch to Trusted Publishing for our releases. Trusted publishing replaces a persistent secret that can leak with a cryptographically scoped, ephemeral token that requires zero maintenance.
However, only a project owner on PyPI can do that and it seems that Syrus is currently the sole owner.
Pinging @syrusakbary - can you make the switch or increase the bus factor by adding me as owner (I'm only registered as maintainer, but that is not sufficient to make the switch)?