Open
Description
What's the problem this feature will solve?
Projects that wish to publish multiple packages using the same Trusted Publisher identity currently need to register that same identity for every single package.
Describe the solution you'd like
Allow orgs to define trusted publishers that are allowed to publish all packages under that org.
Over time, this could be combined with the incoming paid "namespace prefix" feature, allowing the org to say "publisher-foo can publish packages under org-foo-", "publisher-bar, packages under org-bar-", etc. But simply allowing for a global publisher for the entire org would already be a significant UX improvement.
Additional context
I suspect this feature will mostly be useful for teams who:
- use monorepos, such that all their packages are published with the same GitHub Actions / GitLab CI workflow identity; OR
- publish via non-CI platforms (i.e. GCB), such that the same service account identity is used for all packages.