You shouldn't trust Trusted Publishing
8 hours ago
- #PyPI
- #security
- #authentication
- Trusted Publishing is an authentication scheme for machine-to-machine trust, not for human trust in package safety.
- It uses OIDC to link CI/CD machine identities to package indexes, issuing short-lived, scoped publishing credentials.
- PyPI avoids displaying Trusted Publishing status prominently to prevent misuse as a trust signal for package quality.
- Trusted Publishing reduces long-lived credentials but can still be compromised if CI/CD workflows are attacked.
- The scheme is optional and does not guarantee package safety; anyone can use it, including for malicious uploads.
- Attestations on PyPI are separate from Trusted Publishing and also do not imply end-user trust without independent verification.