Comment by MPSimmons

I don't think this is that terrible of an idea, actually. Before PyPI disabled searching, I'd say that the value of centralization was from that, and possibly due to security, but I think any claim of security from a central repo is deluding ourselves these days. There are so many opportunities for supply chain attacks that maybe this isn't actually worse. Requiring pip to refer to a github owner/repo might eliminate some of the squatter problems we have, too.