PEP 761: Deprecating PGP signatures for CPython artifacts

In Gentoo, we’re not able to start evaluating or testing sigstore until CLI: `--offline` should mean fully offline · Issue #483 · sigstore/sigstore-python · GitHub is fixed (which it appears to be now) and it lands in a release, as it can’t work offline otherwise.

I would encourage both PGP + sigstore for at least one more release cycle to allow folks to both adapt and provide feedback, with a warning on the PGP sigs on the download page at least. We didn’t have sigstore packaged at all before now and had to package a lot of new dependencies for it which took time. Others will surely be in the same position. We also have a lot of tooling around PGP and none for sigstore yet.