[LtWorf]

Well python discarded signing entirely so that's one way to solve it :)

[woodruffw]

Both CPython and distributions on PyPI are more effectively signed than they were before.

(I think you already know this, but want to relitigate something that’s not meaningfully controversial in Python.)

[LtWorf]

Being signed by some entity which is not the author is hardly more effective.

(I think you already know this as well)

[woodruffw]

It is, in fact, signed by the author. It's just a PKI, so you intermediate trust in the author through an authority.

This is exactly analogous to the Web PKI, where you trust CAs to identify individual websites, but the websites themselves control their keypairs. The CA's presence intermediates the trust but does not somehow imply that the CA itself does the signing for TLS traffic.

[LtWorf]

Not really, uploading via trusted publishers I don't own any private key, as you probably know having implemented it yourself I presume.

[woodruffw]

Trusted Publishing doesn’t involve any signing keys (well, there’s an IdP, but the IdP’s signature is over a JWT that the index verifies, not an end signature). You’re thinking of attestations, which do indeed involve a local ephemeral private key.

Again, I must emphasize that this is identical in construction to the Web PKI; that was intentional. There are good criticisms of PKIs on grounds of centrality, etc., but “the end entity doesn’t control the private key” is facially untrue and sounds more like conspiracy than anything else.

[LtWorf]

Conspiracy in what way? Can you explain?

On my web server where the certificate is signed by letsencrypt I do have a file which contains a private key. On pypi there is no such thing. I don't think the parallel is correct.