You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It's increasingly the norm to upload packages from CI rather than a local terminal, and now also encouraged, because attestations are only available for CI uploads. Meanwhile, local uploads are either inconvenient, if you create a token for each project (doubly so if you do this for each release) or pretty poor security, if you create & store a user token which can upload all your projects.
I have asked for a nicer way to upload packages with 2FA (pypi/warehouse#6396 ), but that issue has been open for over 5 years now, and there's no movement. I looked into contributing, but it's part of a bigger thing (pypi/warehouse#13409 ).
This is still up for discussion, but I'm using flit publish less and less because of the above, and I can't get motivated to make improvements to it. So I'm leaning towards deprecating it and eventually removing it. People who want to do local uploads could make the packages and then use twine to upload them.
The text was updated successfully, but these errors were encountered:
It's increasingly the norm to upload packages from CI rather than a local terminal, and now also encouraged, because attestations are only available for CI uploads. Meanwhile, local uploads are either inconvenient, if you create a token for each project (doubly so if you do this for each release) or pretty poor security, if you create & store a user token which can upload all your projects.
I have asked for a nicer way to upload packages with 2FA (pypi/warehouse#6396 ), but that issue has been open for over 5 years now, and there's no movement. I looked into contributing, but it's part of a bigger thing (pypi/warehouse#13409 ).
This is still up for discussion, but I'm using
flit publishless and less because of the above, and I can't get motivated to make improvements to it. So I'm leaning towards deprecating it and eventually removing it. People who want to do local uploads could make the packages and then usetwineto upload them.The text was updated successfully, but these errors were encountered: