I believe this is already on the roadmap for PyPI Organizations.
The technical aspects of this proposal don’t seem that new and are solvable as this PEP shows. They’re important aspects, but they are an implementation detail.
I would like to understand how this proposal addresses the points that were outlined here Proposal: Support for Private Packages on PyPI Using Existing Token System - #2 by EWDurbin
PyPI is funded by donations and volunteers. How will it continue to operate if it’s being used as free storage for commercial purposes? Where does the funding come from? How does the governance work between the community led aspects and the commercial / paid storage aspects?