PEP 761: Deprecating PGP signatures for CPython artifacts

I can’t speak for all RMs, but as one of them, I have seen our adoption of Sigstore as a good thing. There were some minor teething problems that we’ve worked out quite a while ago, and we’re currently in a pretty good state.

I support this PEP.

One thing I would like Sigstore to allow is for any release manager on the team to be able to issue a new release of any Python version. I did do this a few times over the years, and the last attempt (although generally successful) caused confusion as to why the Sigstore signatures were mine and not Pablo’s. But this is probably off-topic here.

I would also like to add that PGP’s future is somewhat unclear anyway given how the Web of Trust that it always explicitly listed as a crucial component of its security is now effectively dead due to denial-of-service attacks on key servers through signature spam and GDPR takedown requests. We’re not going back to physical key signing parties.

So I’m entirely fine with us dropping the PGP signatures for Python 3.14 and up.

8 Likes