Woodruff: Trusted publishing is not a trust signal

lwn.net · ⭐️ 8/10 · 2026-07-07

William Woodruff published a blog post arguing that PyPI's trusted publishing should not be interpreted as a signal of package trust or quality, but rather as a form of authentication. This clarifies a common misconception among developers, which could otherwise lead to over-reliance on trusted publishing for software supply chain security decisions. Woodruff emphasizes that trusted publishing uses OpenID Connect (OIDC) to establish identity between a CI/CD workflow and PyPI, and that PyPI deliberately avoids rendering it as a green checkmark.

Background

Trusted publishing is a mechanism introduced by PyPI that allows packages to be published without storing long-lived API tokens. Instead, it uses OIDC to exchange short-lived identity tokens between a trusted third-party service (like GitHub Actions) and PyPI. It is designed to simplify the publishing workflow, but Woodruff warns that it should not be conflated with package trust or security assurance.

References

Read original