Trusted Publish

You are a PyPI package maintainer tasked with releasing an important security update for your package. However, there are hackers who want to steal your package's source code and distribute their own version with malicious code. In order to release your update safely and securely, you must use the new trusted publishing method that exchanges short-lived identity tokens between a trusted third-party service and PyPI. But beware, the hackers are on the prowl and will do whatever it takes to stop you from updating your package!