by guappa 588 days ago
But what use does it serve to prove that I am user "qioaisjqowihjdoaih" on github?

I mean it only proves I authenticated successfully. Nothing else.

1 comment

It proves that a package was definitely uploaded from the correct repo.

Without trusted publishers a nefarious actor could use a leaked PyPI API key to upload from anywhere. If the only authorised location is actions on a specific GitHub repo then it makes a supply chain attack much trickier and much more visible.

With the new attestations it's now possible for package consumers to verify where the package came from too.
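The comment above describes the binding that trusted publishing gives: an upload is accepted only when the OIDC token presented by the CI job carries claims matching the registry's stored publisher entry. The following is an added example, not code from the thread or from PyPI or GitHub, that shows that claim matching on constructed token payloads. The registry-side config shape (`TRUSTED_PUBLISHER`) and the helper names are assumptions; the claim names `iss`, `exp`, `repository`, `repository_owner`, `job_workflow_ref` and `environment` are ones GitHub's OIDC tokens actually carry, and the matching criteria (owner, repository, workflow filename, optional environment) mirror PyPI's documented trusted-publisher fields in simplified form. Signature verification against the issuer's JWKS, which a real registry performs before any of this, is omitted.

```python
"""Added example (not from the thread): how a trusted-publisher check binds an
upload to one GitHub repository and workflow, using the claims carried in
GitHub Actions OIDC tokens. Token payloads are constructed and unsigned."""
import base64
import json
import time

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"

# Trusted-publisher entry as a registry might store it (constructed; field
# names are an assumption, the criteria mirror PyPI's documented ones).
TRUSTED_PUBLISHER = {
    "owner": "example-org",
    "repository": "example-project",
    "workflow_filename": "release.yml",
    "environment": "pypi",  # optional; None would mean "any environment"
}


def b64url_decode(segment: str) -> bytes:
    pad = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + pad)


def decode_claims(token: str) -> dict:
    """Split a compact JWT and return its payload (no signature check here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(b64url_decode(parts[1]))


def check_trusted_publisher(claims: dict, publisher: dict, now=None):
    """Return (accepted, reason). Issuer, expiry, owner/repo, the workflow file
    that ran, and the deployment environment must all match."""
    now = time.time() if now is None else now
    if claims.get("iss") != GITHUB_ISSUER:
        return False, "unexpected issuer"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    expected_repo = f"{publisher['owner']}/{publisher['repository']}"
    if claims.get("repository") != expected_repo:
        return False, f"repository {claims.get('repository')!r} is not {expected_repo!r}"
    if claims.get("repository_owner") != publisher["owner"]:
        return False, "owner mismatch"
    # job_workflow_ref has the form "owner/repo/.github/workflows/<file>@<ref>"
    ref = claims.get("job_workflow_ref", "")
    expected_prefix = f"{expected_repo}/.github/workflows/{publisher['workflow_filename']}@"
    if not ref.startswith(expected_prefix):
        return False, f"workflow {ref!r} is not {publisher['workflow_filename']!r}"
    if publisher.get("environment") and claims.get("environment") != publisher["environment"]:
        return False, "environment mismatch"
    return True, "ok"


def make_token(claims: dict) -> str:
    """Build an unsigned compact JWT for the demo (constructed, not a real token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


NOW = 1_700_000_000  # fixed clock so the results are deterministic


def base_claims(**overrides) -> dict:
    claims = {
        "iss": GITHUB_ISSUER,
        "exp": NOW + 600,  # Actions OIDC tokens are short-lived, unlike an API key
        "repository": "example-org/example-project",
        "repository_owner": "example-org",
        "job_workflow_ref": "example-org/example-project/.github/workflows/release.yml@refs/tags/v1.2.0",
        "environment": "pypi",
    }
    claims.update(overrides)
    return claims


def demo() -> dict:
    """Run the check over a legitimate token and three that should be refused."""
    cases = {
        "legit release job": base_claims(),
        "fork of the repo": base_claims(
            repository="attacker/example-project", repository_owner="attacker",
            job_workflow_ref="attacker/example-project/.github/workflows/release.yml@refs/heads/main"),
        "other workflow in same repo": base_claims(
            job_workflow_ref="example-org/example-project/.github/workflows/ci.yml@refs/heads/main"),
        "expired token replayed later": base_claims(exp=NOW - 1),
    }
    return {name: check_trusted_publisher(decode_claims(make_token(c)), TRUSTED_PUBLISHER, now=NOW)
            for name, c in cases.items()}


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:30} -> {'accepted' if ok else 'rejected'} ({reason})")
```

The contrast with an API key is in the last two cases: a long-lived key works from any machine for as long as it exists, whereas the token only passes when the claims name the configured repository and workflow file and its short expiry has not elapsed, so a copy taken from one job is of little use later or elsewhere.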

But… a GitHub token could leak just as easily?