PEP 761: Deprecating PGP signatures for CPython artifacts

Yeah, this is something that’s on my long-term roadmap as well: the adoption of “workload identities” instead of using release manager identities. In short, this would be possible if all of our artifacts were generated on platforms that are supported by Sigstore. Outstanding, we have macOS artifacts that are generated outside of a hosted build platform, and Azure Pipelines doesn’t support OpenID Connect identities, last I checked (which wasn’t that long ago?).

I pinged a few folks from Red Hat and Fedora that I knew about in the pre-PEP discussion. As you mentioned, Debian and Ubuntu are also aware; that discussion spawned from the pre-PEP discussion as well. I think there is alignment on adding support for Sigstore to tooling because there are more and more Sigstore signatures for projects being repackaged (i.e., from NPM and soon from PyPI with PEP 740).

My hopeful read of the situation is that if support is added to tooling, then our decision isn’t as negatively impactful as it might have been a few years ago, when there wasn’t as much interest in adding Sigstore support to tooling.

I can try to find some more people. I’m not sure what other levers we have to spread the word about this upcoming change; maybe the Python blog?

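How the two signing models contrasted in the post differ at verification time, as an added illustration that is not part of the thread, not sigstore-python’s verifier and not CPython’s release tooling. A Fulcio certificate carries the signer’s identity in the Subject Alternative Name (an email for a human OIDC login, a URI for a CI workload) and the OIDC issuer in a certificate extension; these are the same two claims that `sigstore verify identity` pins with `--cert-identity` and `--cert-oidc-issuer`. A release-manager policy pins an email plus the identity provider that authenticated it; a workload policy pins repository, workflow file and git ref plus a machine-token issuer, so a signature from the same repository’s pull-request build, or from a human signing a macOS artifact outside a hosted platform, is rejected. The identities, repository, workflow path and issuer list below are constructed for the example.

```python
"""Identity policies for Sigstore-signed release artifacts (illustrative).

Models the SAN and OIDC-issuer claims from a Fulcio leaf certificate and two
policy styles: a pinned human release manager and a pinned CI workload.
"""
import re
from dataclasses import dataclass

# Issuers that mint tokens for workloads with no human in the loop.
# Assumption for this example; the real Sigstore deployment trusts more issuers.
WORKLOAD_ISSUERS = {
    "https://token.actions.githubusercontent.com",
    "https://gitlab.com",
}

# GitHub Actions workload SAN: https://github.com/<owner>/<repo>/<workflow>@<ref>
_GHA_SAN = re.compile(
    r"^https://github\.com/(?P<repo>[^/]+/[^/]+)/(?P<workflow>[^@]+)@(?P<ref>.+)$"
)


@dataclass(frozen=True)
class SignerIdentity:
    """The two claims a verifier extracts from the signing certificate."""
    san: str      # Subject Alternative Name (email or workload URI)
    issuer: str   # OIDC issuer recorded in the Fulcio extension


@dataclass(frozen=True)
class ReleaseManagerPolicy:
    """Pin one human: exact email and the IdP that authenticated it."""
    email: str
    issuer: str

    def check(self, ident: SignerIdentity) -> list[str]:
        problems = []
        if ident.san != self.email:
            problems.append(f"identity {ident.san!r} is not {self.email!r}")
        # Pinning the issuer matters: the same email string could be asserted
        # by a different identity provider.
        if ident.issuer != self.issuer:
            problems.append(f"issuer {ident.issuer!r} is not {self.issuer!r}")
        return problems


@dataclass(frozen=True)
class WorkloadPolicy:
    """Pin a CI job: repository, workflow file and git ref, plus its issuer."""
    repository: str   # e.g. "owner/name"
    workflow: str     # e.g. ".github/workflows/build.yml"
    ref: str          # e.g. "refs/tags/v3.14.0"
    issuer: str = "https://token.actions.githubusercontent.com"

    def check(self, ident: SignerIdentity) -> list[str]:
        problems = []
        if ident.issuer not in WORKLOAD_ISSUERS:
            problems.append(f"issuer {ident.issuer!r} does not mint workload identities")
        elif ident.issuer != self.issuer:
            problems.append(f"issuer {ident.issuer!r} is not {self.issuer!r}")
        m = _GHA_SAN.match(ident.san)
        if m is None:
            problems.append(f"identity {ident.san!r} is not a GitHub Actions workload")
            return problems
        if m["repo"] != self.repository:
            problems.append(f"repository {m['repo']!r} is not {self.repository!r}")
        if m["workflow"] != self.workflow:
            problems.append(f"workflow {m['workflow']!r} is not {self.workflow!r}")
        # Without a ref pin, any branch or PR build of the repo could sign a release.
        if m["ref"] != self.ref:
            problems.append(f"ref {m['ref']!r} is not {self.ref!r}")
        return problems


def is_trusted(policy, ident: SignerIdentity) -> bool:
    return not policy.check(ident)


# Constructed sample certificates and policies (not real CPython identities).
GHA = "https://token.actions.githubusercontent.com"
RELEASE_MANAGER_CERT = SignerIdentity("release-manager@example.org", "https://accounts.google.com")
RELEASE_MANAGER_POLICY = ReleaseManagerPolicy("release-manager@example.org", "https://accounts.google.com")
TAG_BUILD_CERT = SignerIdentity(
    "https://github.com/example/cpython/.github/workflows/build.yml@refs/tags/v3.14.0", GHA)
PR_BUILD_CERT = SignerIdentity(
    "https://github.com/example/cpython/.github/workflows/build.yml@refs/pull/42/merge", GHA)
WORKLOAD_POLICY = WorkloadPolicy("example/cpython", ".github/workflows/build.yml", "refs/tags/v3.14.0")

if __name__ == "__main__":
    for name, policy, cert in [
        ("release manager, own cert", RELEASE_MANAGER_POLICY, RELEASE_MANAGER_CERT),
        ("workload, tag build", WORKLOAD_POLICY, TAG_BUILD_CERT),
        ("workload, PR build", WORKLOAD_POLICY, PR_BUILD_CERT),
        ("workload, human-signed", WORKLOAD_POLICY, RELEASE_MANAGER_CERT),
    ]:
        print(f"{name}: {'OK' if is_trusted(policy, cert) else policy.check(cert)}")
```

The workload policy is what the post calls "workload identities": trust is tied to a specific build definition at a specific ref rather than to whichever person ran the signing step, which is only possible when the build runs on a platform whose OIDC issuer Fulcio accepts.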