You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There's currently an API token for PyPI in the secrets that we're no longer using since we migrated to trusted publishing in #409. (Project admins can see the token here.)
While we could and should delete this token from this repo's secrets, it would be much better if we could deactivate the token first. (Otherwise there's a perpetual risk that the token unexpectedly exists somewhere and could still be compromised.)
I can see that this token is associated with @fonnesbeck's account, so I'd recommend disabling that token (as well as ensuring that all other projects are migrated to trusted publishing and deleting those tokens too).
The text was updated successfully, but these errors were encountered:
(See also: pymc-devs/pytensor#1306)
Description
There's currently an API token for PyPI in the secrets that we're no longer using since we migrated to trusted publishing in #409. (Project admins can see the token here.)
While we could and should delete this token from this repo's secrets, it would be much better if we could deactivate the token first. (Otherwise there's a perpetual risk that the token unexpectedly exists somewhere and could still be compromised.)
I can see that this token is associated with @fonnesbeck's account, so I'd recommend disabling that token (as well as ensuring that all other projects are migrated to trusted publishing and deleting those tokens too).
The text was updated successfully, but these errors were encountered: