jupyter / security

Jupyter PyPI Trusted Publishers

blink1073 opened this issue

As mentioned in the meeting yesterday, we should consider using PyPI Trusted Publishers for Jupyter Projects.

I ran an experiment using my test-python-project repository. I made a release to the Test PyPI instance using my main account, and then one using a backup account that does not have a login to Test PyPI.

image

Here is what the PyPI security log looks like:

image

Here is the deployment log from the repo:

image

The publish permissions would move from PyPI to the Environment Permissions on the repository:

image