In light of the progress toward implementing PEP 458, we are updating PEP 480 to reflect changes to PEP 458 and to the Warehouse ecosystem since the PEP was first authored. We are hoping to reopen the discussion about approval, and would appreciate any feedback on the PEP as we begin this process.
PEP 480 proposes extending the use of TUF to allow for end-to-end signing of packages. It builds on the existing work in PEP 458 to allow for developer signing of packages. There is more detail in the PEP.