by woodruffw 78 days ago
Which account is publishing the package, in a CI/CD context? It's not clear that any particular account is, since the set of people who can trigger a workflow in CI/CD aren't necessarily (and in fact aren't often) the same set of people who can create an API token on PyPI.
1 comments

The user that owns the API key or whoever it already associates what account is doing the publishing. It isn't a new problem.