[chippiewill]

It's not about the package maintainer, it's about the trustworthiness of the OIDC issuer to prove the identity of a user.

A poorly maintained issuer could leak their secret keys, allowing anyone to impersonate any package from their service.

[guappa]

But what use does it serve to prove that I am user "qioaisjqowihjdoaih" on github?

I mean it only proves I authenticated successfully. Nothing else.

[chippiewill]

It proves that a package was definitely uploaded from the correct repo.

Without trusted publishers a nefarious actor could use a leaked PyPI API key to upload from anywhere. If the only authorised location is actions on a specific Github repo then it makes a supply chain attack much trickier and much more visible.

With the new attestations it's now possible for package consumers to verify where the package came from too.

[guappa]

But… a github token could leak just as easily?