Too bad that PyPI (and pip) effectively killed PGP signatures under control of the developers (therefore truly end-to-end) even with the simple TOFU model, and without providing an alternative.
> Any chance of signed builds returning? It's bizarre to me that we would move _away_ from signed builds.
PyPI never supported "signed builds" in the first place. What it had was vestigial support for attaching PGP signatures to distributions; without a key or identity distribution mechanism, these signatures were virtually useless (and all public evidence indicates that they were, consequently, virtually unused).
Note that attached signatures alone don't prevent dishonesty on PyPI's part: without identity pinning, a dishonest PyPI could replace a correctly signed distribution Foo with a correctly signed (and easily exploitable) distribution Bar during a user's retrieval. Every signature needs to be bound to both the distribution's content and its distribution name by some stable discoverable identity.
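The substitution described in the comment above, worked through as an added example (not code from the thread or from PyPI/pip): a client that only checks the attached signature with the attached key accepts a swapped distribution, while a client that pins a key per project name and recomputes the signed statement from the name it actually requested rejects it. The HMAC is a deliberately labelled stand-in for a real asymmetric signature, and the project names, keys and file contents are constructed.

```python
import hashlib
import hmac
import json

# Toy stand-in for the signature primitive (constructed for illustration only;
# a real index would use asymmetric keys such as PGP or Ed25519, not HMAC).
def toy_sign(key: bytes, statement: bytes) -> bytes:
    return hmac.new(key, statement, hashlib.sha256).digest()

def toy_verify(key: bytes, statement: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(toy_sign(key, statement), sig)

def statement_for(name: str, version: str, content: bytes) -> bytes:
    # The signed statement binds project name, version and content hash.
    digest = hashlib.sha256(content).hexdigest()
    return json.dumps({"name": name, "version": version, "sha256": digest},
                      sort_keys=True).encode()

def publish(name: str, version: str, content: bytes, key: bytes) -> dict:
    # What a developer uploads and the index later serves back to clients.
    stmt = statement_for(name, version, content)
    return {"key": key, "content": content, "statement": stmt,
            "sig": toy_sign(key, stmt)}

def naive_verify(served: dict) -> bool:
    # Vestigial model: attached signature, attached key, index-supplied statement.
    return toy_verify(served["key"], served["statement"], served["sig"])

def pinned_verify(requested: str, version: str, served: dict, pins: dict) -> bool:
    # Key comes from the client's TOFU pin for the *requested* name, and the
    # statement is recomputed from what the client asked for rather than taken
    # from the index, so another project's valid signature cannot vouch for it.
    key = pins.setdefault(requested, served["key"])
    expected = statement_for(requested, version, served["content"])
    return toy_verify(key, expected, served["sig"])

# Constructed sample: two developers each sign their own release honestly.
FOO = publish("Foo", "1.0", b"print('foo')", b"foo-dev-key")
BAR = publish("Bar", "1.0", b"print('bar')", b"bar-dev-key")

def substitution_detected() -> dict:
    # A dishonest index answers a request for Foo 1.0 with Bar's signed files.
    pins = {"Foo": b"foo-dev-key"}  # client pinned Foo's key on an earlier install
    return {"naive": naive_verify(BAR),
            "pinned": pinned_verify("Foo", "1.0", BAR, pins),
            "honest": pinned_verify("Foo", "1.0", FOO, pins)}

if __name__ == "__main__":
    print(substitution_detected())  # {'naive': True, 'pinned': False, 'honest': True}
```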
2FA means we can trust the person that logged in - but we still don't trust that PyPI is being honest (no offense).