Unclear how to handle ownership of a shared pypi account

Hi,

for bst-external, we've started experimenting with uploading the packages to pypi (bst-external!71 (merged)).

For this, I have created an account named "buildstream" at pypi.org, and added the username and password to environment variables in the bst-external CI.

Currently I am the only person with control over that account, though anyone with the username and password can log into the account, and I am the only person with a registered E-mail address.

Is there a better place to store that information? (environment variables can apparently be stored group-wide, but only the group's owner can set that).

Who else should be responsible for that pypi account?

Thanks,

Jonathan