Has this been discussed anywhere? Who is sponsoring this?

Has this been discussed anywhere?

Yes: https://discuss.python.org/t/pre-pep-exposing-trusted-publisher-provenance-on-pypi/42337/40

Who is sponsoring this?

This is still in draft because I'm currently working with a group of people (including the PyPI administrators) to determine the appropriate sponsor.

Has this been discussed anywhere?

Yes: https://discuss.python.org/t/pre-pep-exposing-trusted-publisher-provenance-on-pypi/42337/40

Cool, can you include that link in the PEP draft please? It might end up getting replaced at some point with a different link, but at least that'll give a bit of context to the draft. Bear in mind that not all of us read every typing-related thread in detail :)

Cool, can you include that link in the PEP draft please? It might end up getting replaced at some point with a different link, but at least that'll give a bit of context to the draft.

Sure, no problem! I'm on mobile at the moment, but I'll update the draft once I'm in front of a computer. Apologies for any confusion I've caused 🙂

Sure, no problem! I'm on mobile at the moment, but I'll update the draft once I'm in front of a computer.

Yep, no rush, just trying to make sure everyone can see what's going on. Thanks!

I'll take a look through in a bit, but just to publicly record it, I'm fine sponsoring this and being the delegate for it (It's PyPI so I'm the default delegate anyways).

I've marked this as ready for review, now that it has a sponsor and PEP-Delegate (thank you @dstufft!)

All commit authors signed the Contributor License Agreement.

For visibility, I had to revert my email address change because of this:

                                                                              
Extension error (pep_sphinx_extensions.pep_zero_generator.pep_index_generator)
:                                                                             
Handler <function create_pep_zero at 0x107615760> for event 'env-before-read-docs' threw an exception (exception: some authors have more than one email address listed:
    William Woodruff: {'william@trailofbits.com', 'william@yossarian.net'})
Command exited with exit code: 2

Yeah, that's a rather annoying restriction, maybe we should consider removing it? Another option is to also use your ToB email in the other PEPs if you prefer.

Yeah, removing it would be ideal (but I can imagine it might be non-trivial, if it's a restriction in the first place).

Using my personal email here is not a significant problem -- the ToB email would accurately reflect that this is for work rather than just funsies, but we have it tracked on our side anyways 🙂

All feedback above is addressed/resolved, so I think approval/merge is next here (unless I've missed something) 🙂

LGTM, let's get the discussion rolling!