These kinds of comments are borderline mendacious: you can observe, trivially, t... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

		woodruffw 8 hours ago \| parent \| context \| favorite \| on: PyPI now supports digital attestations These kinds of comments are borderline mendacious: you can observe, trivially, that 50% of the Trusted Publishers currently known to PyPI are neither Google nor Microsoft controlled[1]. If PyPI accepts two more likely ones, a full 2/3rds will unrelated to GitHub. [1]: https://docs.pypi.org/trusted-publishers/adding-a-publisher/

guappa 6 hours ago | [–]

Ping me when one of them will be an open source entity rather than a company.

cpburns2009 3 hours ago | [–]

Wow, you can use a whole two other providers from your list: Gitlab and ActiveState. Color me unimpressed.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact