On Fri, 16 Apr 2021 at 20:15, Glyph <gl...@twistedmatrix.com> wrote: > > On Apr 16, 2021, at 11:26 AM, Adi Roiban <a...@roiban.ro> wrote: > > > For twisted/twisted and I think that other repos the main secret available > for GitHub Action is the PYPY upload token. > > > Just to make sure here - you mean PyPI, right? > > Yes. Sorry. PyPi.org.
> I guess that what we can do is stop using the codecov.io bash uploaded and > switch back to python uploader. > > Any other ideas ? > > > I think we are actually OK given the constraints on the env vars, but just > to be safe, we should invalidate / rotate the PyPI upload token. Any admins > have a few spare minutes to do that? (And likeā¦ check to make sure nobody > uploaded anything surprising on our project page ;-)). > > I don't have access to Twisted or ldaptor or other projects. I only have access to pydoctor, and I saw that someone from NL (most probably Marteen :) has already rotated the token. https://pypi.org/project/Twisted/#history looks ok. Last release l21.2.0 - Feb 28, 2021 Cheers -- Adi Roiban
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
