Astral hardens open-source supply chain security
Astral lays out the security controls behind its open-source tooling, including stricter GitHub Actions rules, pinned dependencies, release environment approvals, and Sigstore attestations. The post reads like an operator’s playbook for keeping high-velocity OSS releases trustworthy.
Astral is treating supply-chain security as product infrastructure, not an afterthought, and that is the right posture for any team shipping widely used developer tools. The strongest move here is banning risky GitHub Actions patterns like `pull_request_target` and `workflow_run` org-wide, then replacing them with safer primitives or GitHub Apps where needed. Hash-pinning actions, enforcing read-only defaults, and isolating secrets by deployment environment materially reduce the blast radius of a compromised workflow. The release story is unusually mature: Trusted Publishing, immutable releases, Sigstore attestations, and tag and branch protections create multiple hurdles before a malicious artifact can ship. The dependency section is the quietest but most important part: cooldowns, tight upstream relationships, and conservative dependency policy are exactly how mature OSS maintainers avoid being surprised by the next supply-chain incident. This is less a feature announcement than a trust signal, and it should matter to anyone depending on Astral’s Python tooling ecosystem.
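An added example, not taken from Astral's post or tooling: a stdlib-only Python check for three of the controls named above (the banned triggers, actions pinned by commit hash, and an explicit top-level `permissions` block). The function name `audit_workflow`, the line-based parsing (a heuristic, not a full YAML parser), and both sample workflows are assumptions made for illustration, and the SHA is a placeholder.

```python
import re

# Triggers the page says are banned org-wide.
BANNED_TRIGGERS = ("pull_request_target", "workflow_run")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")

def audit_workflow(text):
    """Return (line_no, finding) pairs for one workflow file's text."""
    findings, has_permissions, in_on = [], False, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a top-level key starts a new section
            key = line.split(":", 1)[0].strip("'\"")
            in_on = key == "on"
            has_permissions = has_permissions or key == "permissions"
        if in_on:
            for trig in BANNED_TRIGGERS:
                if re.search(rf"(?<![\w-]){trig}(?![\w-])", line):
                    findings.append((no, f"banned trigger: {trig}"))
        m = USES.match(line)
        if m and not m.group(1).startswith(("./", "docker://")):
            ref = m.group(1)  # local actions and images are out of scope
            if not FULL_SHA.match(ref.partition("@")[2]):
                findings.append((no, f"action not pinned to a commit SHA: {ref}"))
    if not has_permissions:
        findings.append((0, "no top-level permissions block"))
    return findings

# Constructed, trimmed workflow fragments (not Astral's files).
WEAK = """\
on:
  pull_request_target:
jobs:
  test:
    steps:
      - uses: actions/checkout@v4
"""
HARDENED = """\
on: [pull_request]
permissions:
  contents: read
jobs:
  test:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder
"""
```

`audit_workflow(WEAK)` reports the banned trigger, the tag-pinned action and the missing `permissions` block; `audit_workflow(HARDENED)` returns an empty list.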
Discovered: 2026-04-09
Published: 2026-04-09
Author: vinhnx