Making Codeberg a Trusted Publisher?

Hello! This originally started as a thread on the fediverse, but I wanted to get a conversation started here, or possibly be told where it should be started instead.

It’s also possible @miketheman or @sethmlarson will see this and we can chat about it in person at PyCon. I’m around through Tuesday if people want to chat!

Effectively, with increasing numbers of folks getting set up on Codeberg, it would be great to add them to the list of Trusted Publishing providers. As I read the “How do I become a Trusted Publishing Provider”, the main technical requirement is supporting some OIDC endpoints, which my read of Codeberg’s .well-known seems to support.

What would be the next step for getting Codeberg on the list of Trusted Publishing providers?

1 Like

Previously discussed in March: New OIDC providers for Trusted Publishing

2 Likes

Whoops, you sure are right! Thanks for this.

1 Like

Also see here: Codeberg trusted publisher · Issue #19786 · pypi/warehouse · GitHub

The status quo is that PyPI would like to see a stronger key protection/PKI management story from Codeberg, while Codeberg doesn’t currently have any committed time/effort towards that.

(I don’t mean any of that as a value judgement, just as a layout of the state of affairs.)

1 Like