BETA: PyPI now supports API Tokens for Release uploads

[Ernest W. Durbin III]

PyPI and Test PyPI now support the creation of API Tokens for use when uploading projects to PyPI, thanks to work funded by the Open Technology Fund.

These tokens are created by default with the same upload permissions as the User creating them, but can also be scoped to specific projects that User has upload privileges for.

This is the first step in enforcing that Users with Two-Factor Authentication enabled must use an API Token when uploading to PyPI, rather than their password.

After the Beta we’ll announce the general availability of these features and timeline for enforcement of API Tokens for Two-Factor Authentication enabled accounts.

Read more on how you can help to test this feature at: https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/31

-Ernest W. Durbin III

Director of Infrastructure

Python Software Foundation