I believe it is helpful to be able to identify the 2-way link between source code on GitHub and the PyPI repo. This is to assert that both sites are under control of the same party. This is relevant in the current landscape of supply-chain attacks.
https://docs.pypi.org/trusted-publishers/adding-a-publisher/
Additionally, I think it would be good to add a link from GitHub to PyPI, so folks can quickly validate that these sites are under the same party's control.
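As an added example (not from the issue author or the project), here is a small checker for the 2-way link the post asks for: it reads the `project_urls` from a PyPI package's metadata (the shape returned by `https://pypi.org/pypi/<name>/json`) to find the GitHub repo it declares, and scans the repo's README for a link back to the PyPI project. The metadata, repo URL and README below are constructed sample data, not a real package.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the "info" object of a PyPI JSON metadata response (hypothetical project).
PYPI_INFO = {
    "name": "Example_Tool",
    "project_urls": {
        "Homepage": "https://example.invalid",
        "Source": "https://github.com/example-org/example-tool.git",
    },
}
# Constructed sample: README as it might appear in the GitHub repository.
GITHUB_README = "# example-tool\nInstall from PyPI: https://pypi.org/project/example-tool/\n"
GITHUB_REPO = "https://github.com/Example-Org/Example-Tool"


def normalize_pypi_name(name):
    # PEP 503 name normalization: runs of '-', '_' and '.' become '-', lowercase.
    return re.sub(r"[-_.]+", "-", name).lower()


def normalize_github_repo(url):
    """Return 'owner/repo' (lowercase) for a GitHub repo URL, or None for anything else."""
    p = urlparse(url)
    if p.netloc.lower() not in ("github.com", "www.github.com"):
        return None
    parts = [s for s in p.path.split("/") if s]
    if len(parts) < 2:
        return None
    owner, repo = parts[0], parts[1]
    if repo.endswith(".git"):
        repo = repo[:-4]
    return f"{owner}/{repo}".lower()


def github_repos_declared_on_pypi(info):
    urls = info.get("project_urls") or {}
    return {r for r in (normalize_github_repo(u) for u in urls.values()) if r}


def pypi_projects_linked_from_readme(readme):
    found = re.findall(r"https?://pypi\.org/project/([^/\s)]+)", readme)
    return {normalize_pypi_name(n) for n in found}


def check_two_way_link(info, repo_url, readme):
    # Forward: PyPI metadata points at this GitHub repo. Backward: the repo's README points at this PyPI project.
    forward = normalize_github_repo(repo_url) in github_repos_declared_on_pypi(info)
    backward = normalize_pypi_name(info["name"]) in pypi_projects_linked_from_readme(readme)
    return {"pypi_to_github": forward, "github_to_pypi": backward, "two_way": forward and backward}
```

Mutual links only show that each site declares the other; for evidence that a release was actually built from that repository, the trusted-publisher configuration linked above ties a PyPI project to a specific GitHub workflow.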