[$] Working toward securing PyPI downloads

by jake, from LWN.net (#4WEFT)
An effort to protect package downloads from the Python Package Index (PyPI) has resulted in a Python Enhancement Proposal (PEP) and, perhaps belatedly, some discussion in the wider community. The basic idea is to use The Update Framework (TUF) to protect PyPI users from some malicious actors who are aiming to interfere with the installation and update of Python modules. But the name of the PEP and its wording, coupled with some recent typosquatting problems on PyPI, caused some confusion along the way. There are some competing interests and different cultures coming together over this PEP; the process has not run as smoothly as anyone might want, though that seems to be resolving itself at this point.