Weird.
Look at this! A 3-year-long hand-sitting session over a basic security feature other FOSS projects like Debian implemented decades ago on a shoestring budget.
https://discuss.python.org/t/pep-458-secure-pypi-downloads-with-package-signing/2648/135
Seems to me the Python official sites are just there to take ppl's infosec ideas and bury them. I'd rather complain on social media, thanks.
@tasket Oh, please complain or discuss all you like! Everything in Python is done by community consensus, so you can talk to us here, but we can't force community decisions from our Mastodon account. We don't have a process for taking comments here and adding them to the ongoing community discussions but we also aren't trying to hide those discussions from people who contact us here.