[$] Python PGP proposal poses packaging puzzles

Sigstore is a
project that is meant to simplify and improve the process of signing,
verifying, and protecting software. It is a relatively new project, declared
'generally available' in 2022. Python is an early adopter of sigstore; it started providing
signatures for CPython artifacts with Python 3.11
in 2022. This is in addition to the OpenPGP signatures it has been
providing since at
least 2001. Now, Seth Michael Larson—the Python Software
Foundation (PSF) security
developer-in-residence—would like to deprecate the PGP
signature and move to sigstore exclusively by next year. If that
happens, it will involve some changes in the way that Linux
distributions verify Python releases, since none of the major
distributions have processes for working with sigstore.