aio-libs / frozenlist

`FrozenList` is a `list`-like structure that implements `collections.abc.MutableSequence` and can be made immutable.

Home Page: https://frozenlist.aio-libs.org

Audit the PyPI API token in the CI/CD

webknjaz opened this issue

@asvetlov I noticed that this project is not managed by the bot account in the CI like others. Normally, I'd create a project-scoped token under https://pypi.org/user/aio-libs-bot/ for use in CI.

Could you confirm that:

  • the token used is scoped to just one project on PyPI (frozenlist)
  • the token belongs to a user without "Owner" privileges
  • you don't want to switch it over to be aligned with the rest of packages

What's wrong if I use a project-scoped token generated from my personal account?
Permissions are restricted to upload only anyway, aren't they?
From my understanding, the aio-libs-bot user is not required anymore after switching to token-based upload and getting rid of user/password logins.

@webknjaz don't get me wrong please.
If you want to set up a token generated from https://pypi.org/user/aio-libs-bot/ -- please do.
I just don't want to spend my personal time on it and I think that the current token provides the same security level.

I was thinking along the lines of having all the tokens in one place/account so it wouldn't be necessary to guess whose token is in use and which accesses to revoke or where to regenerate it if necessary.