Article 6RMGS [$] Python PGP proposal poses packaging puzzles

by jzb from LWN.net on (#6RMGS)

Sigstore is a project that is meant to simplify and improve the process of signing, verifying, and protecting software. It is a relatively new project, declared "generally available" in 2022. Python is an early adopter of sigstore; it started providing signatures for CPython artifacts with Python 3.11 in 2022. This is in addition to the OpenPGP signatures it has been providing since at least 2001. Now, Seth Michael Larson, the Python Software Foundation (PSF) security developer-in-residence, would like to deprecate the PGP signature and move to sigstore exclusively by next year. If that happens, it will involve some changes in the way that Linux distributions verify Python releases, since none of the major distributions have processes for working with sigstore.
