by guappa 588 days ago
Except that also for trusted publishing, they only allowed GitHub in the beginning and eventually added a couple of other providers. But if you're not Google or Microsoft you won't be added.

These kinds of comments are borderline mendacious: you can observe, trivially, that 50% of the Trusted Publishers currently known to PyPI are neither Google nor Microsoft controlled[1].

If PyPI accepts two more likely ones, a full 2/3rds will be unrelated to GitHub.

[1]: https://docs.pypi.org/trusted-publishers/adding-a-publisher/

Ping me when one of them will be an open source entity rather than a company.
Wow. I get to choose one from a total of FOUR large corporations! Amazing openness!
Once again: this is constrained by design. If you don’t want to use OpenID Connect, just create a token on PyPI and publish the normal way. You are not, and will never be, required to use this feature.
Wow, you can use a whole two other providers from your list: GitLab and ActiveState. Color me unimpressed.