by woodruffw 869 days ago
Yes, although PyPI doesn't currently do much attenuation or delegation with them (this is largely my fault, since I didn't fully understand their power when picking them for the implementation).

That's been slowly changing, however -- as of a few months ago, PyPI issues slightly more compact API tokens that make better use of discrete caveats. They're also used on the Trusted Publishing[1] side to make the API token self-expiring.

[1]: https://docs.pypi.org/trusted-publishers/
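The comment above refers to attenuating API tokens by appending caveats. The following is an added illustration of that mechanism and is not PyPI's or pymacaroons' code; it assumes a constructed root key, first-party caveats only (no third-party discharge), and a made-up `key op value` predicate syntax such as `project = sampleproject` or `time < 2000`. It shows the property the comment relies on: a token holder can narrow a token (scope it to one project, give it an expiry) without the root key, but cannot widen it or strip a caveat, because the signature is re-keyed over each caveat in turn.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed illustration of macaroon-style attenuation (assumption: this is
# a teaching model, not PyPI's token format). A token is an identifier plus an
# ordered list of caveats; the signature is HMAC-chained over each caveat, so
# appending a caveat needs only the current signature while removing one
# requires the root key that nobody but the issuer holds.


@dataclass
class Macaroon:
    identifier: str
    caveats: list = field(default_factory=list)
    signature: bytes = b""

    @classmethod
    def mint(cls, root_key: bytes, identifier: str) -> "Macaroon":
        # Root signature binds the identifier to the issuer's secret key.
        sig = hmac.new(root_key, identifier.encode(), hashlib.sha256).digest()
        return cls(identifier, [], sig)

    def add_first_party_caveat(self, predicate: str) -> "Macaroon":
        # Attenuation: new_sig = HMAC(old_sig, predicate). The old signature is
        # not kept, so the caveat cannot be peeled off afterwards.
        new_sig = hmac.new(self.signature, predicate.encode(), hashlib.sha256).digest()
        return Macaroon(self.identifier, self.caveats + [predicate], new_sig)


def check_caveat(predicate: str, context: dict) -> bool:
    # Assumed predicate grammar: "<key> <op> <value>" with op in {"=", "<"}.
    parts = predicate.split(" ", 2)
    if len(parts) != 3:
        return False
    key, op, value = parts
    if op == "=":
        return context.get(key) == value
    if op == "<":
        # Numeric bound, e.g. "time < 2000": fail closed if the context
        # lacks the key or the values do not parse.
        try:
            return float(context.get(key, float("inf"))) < float(value)
        except ValueError:
            return False
    return False


def verify(root_key: bytes, m: Macaroon, context: dict) -> bool:
    # Step 1: recompute the full signature chain from the root key and compare
    # in constant time. Any tampering with identifier or caveats breaks this.
    sig = hmac.new(root_key, m.identifier.encode(), hashlib.sha256).digest()
    for caveat in m.caveats:
        sig = hmac.new(sig, caveat.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, m.signature):
        return False
    # Step 2: every caveat must hold against the request context.
    return all(check_caveat(c, context) for c in m.caveats)


if __name__ == "__main__":
    root = b"constructed-root-key-not-a-real-secret"
    token = Macaroon.mint(root, "example-token-id")
    scoped = token.add_first_party_caveat("project = sampleproject")
    expiring = scoped.add_first_party_caveat("time < 2000")
    print(verify(root, expiring, {"project": "sampleproject", "time": "1000"}))
    print(verify(root, expiring, {"project": "other", "time": "1000"}))
```

The verifier recomputes the chain rather than trusting the presented signature, which is why the tampering checks below fail: dropping a caveat or rewriting one changes the recomputed value. Note that `verify` only answers "is this token valid for this request"; the issuer still needs the usual revocation story for the root identifier.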