PEP 458 describes the path forward for PyPI. https://peps.python.org/pep-0458/
Here's the in-progress roadmap: https://github.com/pypi/warehouse/issues/10672
If there are particular issues you believe you could pick off to help achieve the goal, much appreciated!
That is covered by PEP 480, which is already 9 years old:
https://peps.python.org/pep-0480/
Too bad that PyPI (and pip) effectively killed PGP signatures under control of the developers (therefore truly end to end) even with the simple TOFU model, and without providing an alternative.