The following work in progress is a continuation of our [previous comments][0].
While signing is an important component, perhaps it makes more sense to consider the greater problem of how to improve trust in the software supply chain.
As an alternative or complement to [TUF][1], we would like to propose a system that combines signing, metadata and [EigenTrust][0]-style reputation.
Package signing would be implemented with [Ed25519 signatures][2] using something similar to [OpenBSD's signify][3] or [Minisign][4]. Developers would sign uploads and PyPI would append signatures to downloads.
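To make the signing and verification flow concrete, here is an added example (not code from this proposal, signify or Minisign) that shows the developer side signing package bytes with Ed25519 and the installer side checking a detached, minisign-like signature file. The two-line layout, the "Ed" tag, the 8-byte key ID derived from SHA-256 of the public key, and the function names are all assumptions of this example, not the real minisign format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Simplified minisign-like detached signature (an assumption of this example, not the exact
// minisign layout): an unsigned comment line, then base64("Ed" | 8-byte key ID | Ed25519 sig).
const keyIDLen = 8

// KeyID tells the verifier which developer key to look up (derived from the public key here).
func KeyID(pub ed25519.PublicKey) []byte {
	sum := sha256.Sum256(pub)
	return sum[:keyIDLen]
}

// Sign is the developer side: the package bytes are signed before upload.
func Sign(priv ed25519.PrivateKey, pkg []byte, comment string) string {
	blob := append([]byte("Ed"), KeyID(priv.Public().(ed25519.PublicKey))...)
	blob = append(blob, ed25519.Sign(priv, pkg)...)
	return "untrusted comment: " + comment + "\n" + base64.StdEncoding.EncodeToString(blob) + "\n"
}

// Verify is the installer side: pub comes from a trusted source, never from the signature file; the comment line is not signed and is ignored.
func Verify(pub ed25519.PublicKey, pkg []byte, sigFile string) error {
	lines := strings.SplitN(sigFile+"\n", "\n", 3) // always yields at least two elements
	blob, err := base64.StdEncoding.DecodeString(lines[1])
	if err != nil || len(blob) != 2+keyIDLen+ed25519.SignatureSize || string(blob[:2]) != "Ed" {
		return errors.New("malformed or unsupported signature")
	}
	if string(blob[2:2+keyIDLen]) != string(KeyID(pub)) {
		return errors.New("signature was made with a different key")
	}
	if !ed25519.Verify(pub, pkg, blob[2+keyIDLen:]) {
		return errors.New("signature does not match package contents")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	pkg := []byte("constructed sample package contents")
	sig := Sign(priv, pkg, "example-1.0.tar.gz")
	fmt.Print(sig, "intact: ", Verify(pub, pkg, sig), "\ntampered: ", Verify(pub, append(pkg, '!'), sig), "\n")
}
```

The key ID only selects which public key to try; trust in that key still has to come from the metadata and reputation layers the proposal describes, not from the signature file.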