Consider switching to trusted publishing, which is nowadays the recommended way to connect to PyPI.
This confers significant usability and security advantages when compared to PyPI's traditional authentication methods:
Usability: with trusted publishing, users no longer need to manually create API tokens on PyPI and copy-paste them into their CI provider. The only manual step is configuring the publisher on PyPI.
Security: PyPI's normal API tokens are long-lived, meaning that an attacker who compromises a package's release token can use it until its legitimate user notices and manually revokes it. Trusted publishing avoids this problem because the tokens minted expire automatically.
Squidpy still uses PyPI tokens for uploading releases.
squidpy/.github/workflows/deployment.yml
Lines 36 to 42 in 7d3761f
For an example, see our cookiecutter.