The revised PEP 458 is at https://www.python.org/dev/peps/pep-0458/ as "PEP 458 -- Secure PyPI downloads with package signing." Discussion has been proceeding on Discourse.
BDFL-Delegate Donald Stufft wrote today https://discuss.python.org/t/pep-458-secure-pypi-downloads-with-package-sign... :
It looks like discussion about the actual meat and potatoes of this
PEP has petered out. Unless someone has an objection, I intend to accept this PEP on Friday.