| ▲ | larusso 3 hours ago |
| The trusted publishing is rather new or? Awesome to see that they implemented it. Just saying that maven central required it already years ago. |
|
| ▲ | di 3 hours ago | parent [-] |
| Maven Central does not currently support OIDC-based authentication (commonly called "Trusted Publishing"). |
| |
| ▲ | larusso an hour ago | parent [-] | | Didn’t know this term. After reading I wonder why short lived tokens get this monocle. But yeah I prefer OIDC over token based access as well. Only small downside I see is the setup needed for a custom OIDC provider. Don’t know the right terms out of my head but we had quite the fun to register our internal Jenkins to become a create valid oidc tokens for AWS. GitHub and GitHub Actions come with batteries included. I mean the downside that a huge vendor can easily provide this and a custom rolled CI needs extra steps / infrastructure. |
|
