Why pylock.toml includes digital attestations (snarky.ca)
2 points by lumpa 77 days ago
1 comment

I'm not sure how someone is supposed to use attestations if PyPI refuses to support the forge they use? I'm not sure how this prevents a package getting maliciously uploaded via GitHub Actions? To me, this is going to lead to another bincode incident, because it conflates trust in the maintainer with trust in the platform.