Thanks for the clarification, guys.

Donald, I'm not sure what you mean by "a compromise of the CDN for *uploading*".

PyPI trusts the CDN to give it the correct bits; without a signature from the author that is being verified, uploading just relies on TLS again. The other PEP should close that gap, though, I believe.

Note: I have yet to read these PEPs, so I'm just going by a casual glance at them.

