Earlier this year, Brett Cannon consulted with Donald and updated the status of PEP 458 to Deferred. https://github.com/python/peps/pull/931
The PEP status is now Draft again and the new proposed title is
"PEP 458: Secure transport independent download integrity for PyPI packages"
(see https://github.com/secure-systems-lab/peps/blob/c13384a4fac6822626abb7e09ab7... ).
Current discussion is happening on Discourse:
https://discuss.python.org/t/pep-458-surviving-a-compromise-of-pypi/2648/