PyPI and Test PyPI now support the creation of API Tokens for use when
uploading projects to PyPI, thanks to work funded by the Open Technology Fund.
These tokens are created by default with the same upload permissions as the
User creating them, but can also be scoped to specific projects that User has
upload privileges for.
This is the first step in enforcing that Users with Two-Factor Authentication
enabled must use an API Token when uploading to PyPI, rather than their
password.
After the Beta we’ll announce the general availability of these features and
timeline for enforcement of API Tokens for Two-Factor Authentication enabled
accounts.
Read more on how you can help to test this feature at:
https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/31
-Ernest W. Durbin III
Director of Infrastructure
Python Software Foundation
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python.org
https://mail.python.org/mailman3/lists/distutils-sig.python.org/
Message archived at
https://mail.python.org/archives/list/distutils-sig@python.org/message/6YY6IAJAFTMGS4GOTESBEI6L2HVPUO3U/