
(burner account just cuz I forgot the pw to my real account)

Have to say this is a REALLY misleading name. "Trusted publishers" makes it seem like PyPI added (or improved) a manual curation & vetting process to its packages.

This is NOT that. This is more like "SSO for PyPI", a totally different thing.

You've added a different authentication mechanism for publishers, which is totally different from decreasing risk for end-users through a better vetting process (which is what most people would assume given the title). It's really unfortunate that the work you put into this will both 1) mislead readers into thinking it's something different and 2) be under-appreciated because they were confused.

I wonder if this is a case where the HN mods SHOULD edit the article title...?




It's up to PyPI what to call it, but I would have said OIDC publishers.



