PEP 708 – Extending the Repository API to Mitigate Dependency Confusion Attacks

I’ve just proposed PEP 708 – Extending the Repository API to Mitigate Dependency Confusion Attacks, which, combined with some changes to installers like pip, will hopefully prevent dependency confusion attacks while minimizing breakages.

Discussion on the PEP should go to the thread in the packaging category.

Discussions to PEP 708 - Extending the Repository API to Mitigate Dependency Confusion Attacks