PEP 458 provides zero information about how the content PyPI is serving relates to the sdist the developer has on their system. A GPG signature from a known source (we typically use a TOFU model - Trust On First Use) that verifies against a known key for that package gives us assurance that what was received from PyPI is unmodified from what the developer intended.
PEP 458 only attempts the PyPI to end user half of that chain. In theory, PEP 480 would complete covering the space from the developer to PyPI, but I think we’d want to understand the actual implementation before agreeing it was sufficient.
We use GPG-signed artifacts throughout the Debian infrastructure, so it’s something our tools are well equipped to handle. Switching to use PEP 480 author-originated signatures probably is adequate from a security perspective (devil’s always in the details, so we’ll wait and see), but it definitely would require PyPI-specific tooling changes that won’t appear overnight.
I have a vague recollection from earlier discussions about these PEPs that the claim was since “no one” used GPG signatures, they could just be dropped. It’d be good to explicitly document this as a non-goal.