Comment by opello

7 hours ago

> having its own infrastructure

This seems like a different brand of the keyserver network?

> PyPI doesn't need to run or operationalize anything

So it's not a new operational dependency because it's index metadata? That seems more like an implementation detail (aside from the imagined PGP keyserver dependency) that seems accommodatable given either system.

> like the fact that PyPI doesn't need to perform any online operations to validate Sigstore's signatures

I may be missing something subtle (or glaring) but "online operations" would be interactions with some other service or a non-PSF service? Or simply a service not-wholly-pypi? Regardless, the index seems like it must be a "verifier" for design consideration (2) from PEP 740 to hold, which would mean that the index must perform the verification step on the uploaded data--which seems inconsequentially different between an imagined PGP system (other than it would have to access the imagined PyPI keyserver) and sigstore/in-toto.

> ... PyPI would need to be in the business of parsing PGP packets during package upload.

But the sigstore analog is the JSON array of in-toto attestation statement objects.
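The verification step the comment is circling around (the index acting as the "verifier" without calling out to any other service), shown as an added example that is not part of opello's comment, of PEP 740, or of PyPI's own code. It uses only the Go standard library: a throwaway ECDSA key generated in place of a Sigstore-issued signing certificate, a constructed in-toto v1 statement whose subject is the uploaded file, a DSSE envelope signed over the Pre-Authentication Encoding, and a verifier that checks the signature, the statement type and the subject digest against the uploaded bytes with no network access. The exact attestation-object wrapper, certificate-chain validation against the Sigstore root and transparency-log checks are omitted; the function names and the predicate content are assumptions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

const (
	inTotoStatementType = "https://in-toto.io/Statement/v1"
	inTotoPayloadType   = "application/vnd.in-toto+json"
)

// inTotoStatement is the in-toto Statement v1 shape: subjects (artifact
// name plus digests) and a predicate describing how they were produced.
type inTotoStatement struct {
	Type          string          `json:"_type"`
	Subject       []inTotoSubject `json:"subject"`
	PredicateType string          `json:"predicateType"`
	Predicate     json.RawMessage `json:"predicate"`
}

type inTotoSubject struct {
	Name   string            `json:"name"`
	Digest map[string]string `json:"digest"`
}

// dsseEnvelope is the DSSE envelope an attestation carries: the base64
// statement, its payload type, and signatures over the PAE.
type dsseEnvelope struct {
	PayloadType string          `json:"payloadType"`
	Payload     string          `json:"payload"`
	Signatures  []dsseSignature `json:"signatures"`
}

type dsseSignature struct {
	Sig string `json:"sig"`
}

// PAE is the DSSE Pre-Authentication Encoding:
// "DSSEv1" SP LEN(type) SP type SP LEN(payload) SP payload
func PAE(payloadType string, payload []byte) []byte {
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s", len(payloadType), payloadType, len(payload), payload))
}

// SignStatement wraps st in a DSSE envelope signed with key (constructed
// publisher side; a real publisher would use a Sigstore-issued key).
func SignStatement(key *ecdsa.PrivateKey, st inTotoStatement) (dsseEnvelope, error) {
	payload, err := json.Marshal(st)
	if err != nil {
		return dsseEnvelope{}, err
	}
	digest := sha256.Sum256(PAE(inTotoPayloadType, payload))
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return dsseEnvelope{}, err
	}
	return dsseEnvelope{
		PayloadType: inTotoPayloadType,
		Payload:     base64.StdEncoding.EncodeToString(payload),
		Signatures:  []dsseSignature{{Sig: base64.StdEncoding.EncodeToString(sig)}},
	}, nil
}

// VerifyAttestation runs the checks an index can do entirely offline:
// the DSSE signature verifies under the trusted key, the payload is an
// in-toto v1 statement, and one subject names the uploaded file with a
// sha256 equal to the digest of the bytes actually received.
func VerifyAttestation(pub *ecdsa.PublicKey, env dsseEnvelope, filename string, uploaded []byte) error {
	if env.PayloadType != inTotoPayloadType {
		return errors.New("unexpected payloadType")
	}
	payload, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return fmt.Errorf("bad payload encoding: %w", err)
	}
	digest := sha256.Sum256(PAE(env.PayloadType, payload))
	verified := false
	for _, s := range env.Signatures {
		raw, err := base64.StdEncoding.DecodeString(s.Sig)
		if err == nil && ecdsa.VerifyASN1(pub, digest[:], raw) {
			verified = true
			break
		}
	}
	if !verified {
		return errors.New("no signature verified")
	}
	var st inTotoStatement
	if err := json.Unmarshal(payload, &st); err != nil {
		return err
	}
	if st.Type != inTotoStatementType {
		return errors.New("not an in-toto v1 statement")
	}
	sum := sha256.Sum256(uploaded)
	want := hex.EncodeToString(sum[:])
	for _, sub := range st.Subject {
		if sub.Name == filename && sub.Digest["sha256"] == want {
			return nil
		}
	}
	return errors.New("no subject matches the uploaded file's name and sha256")
}

// RunDemo signs a statement for a constructed wheel, verifies it, then
// verifies again against altered bytes. Returns (validAccepted, tamperedRejected).
func RunDemo() (bool, bool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	name := "example_pkg-1.0-py3-none-any.whl" // constructed filename
	wheel := []byte("constructed wheel bytes")
	sum := sha256.Sum256(wheel)
	st := inTotoStatement{
		Type:          inTotoStatementType,
		Subject:       []inTotoSubject{{Name: name, Digest: map[string]string{"sha256": hex.EncodeToString(sum[:])}}},
		PredicateType: "https://example.invalid/predicate/v1", // assumed placeholder predicate type
		Predicate:     json.RawMessage(`{"note":"constructed"}`),
	}
	env, err := SignStatement(key, st)
	if err != nil {
		return false, false, err
	}
	validOK := VerifyAttestation(&key.PublicKey, env, name, wheel) == nil
	tamperedRejected := VerifyAttestation(&key.PublicKey, env, name, append(wheel, '!')) != nil
	return validOK, tamperedRejected, nil
}

func main() {
	ok, rejected, err := RunDemo()
	fmt.Println("valid accepted:", ok, "tampered rejected:", rejected, "err:", err)
}
```

The point to notice is what `VerifyAttestation` does not do: it never opens a socket. Everything it needs (the uploaded bytes, the envelope, and a trusted key or root) is already in the index's hands at upload time, which is what "no online operations" amounts to in practice.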