It's increasingly the norm to upload packages from CI rather than a local terminal, and now also encouraged, because attestations are only available for CI uploads. Meanwhile, local uploads are either inconvenient, if you create a token for each project (doubly so if you do this for each release) or pretty poor security, if you create & store a user token which can upload all your projects.

I have asked for a nicer way to upload packages with 2FA (pypi/warehouse#6396 ), but that issue has been open for over 5 years now, and there's no movement. I looked into contributing, but it's part of a bigger thing (pypi/warehouse#13409 ).

This is still up for discussion, but I'm using flit publish less and less because of the above, and I can't get motivated to make improvements to it. So I'm leaning towards deprecating it and eventually removing it. People who want to do local uploads could make the packages and then use twine to upload them.