Trusted Publisher: The Game

As a PyPI package maintainer, you play as a cybersecurity expert trying to secure the PyPI platform against external threats. Your mission is to adopt the new 'Trusted publishing' method that exchanges short-lived identity tokens between a trusted third-party service and PyPI. Use your strategic planning skills to configure PyPI to trust an identity provided by a given OpenID Connect Identity Provider (IdP), verify and delegate trust to that identity, and secure your release workflows. But beware, hackers are trying to get unauthorized access to PyPI, and it's up to you to keep them at bay.