Thanks for the great feedback - Nick, Donald, Paul, and Richard (off-list).
I am totally fine with focusing on PEP 458 and applying the final coat of paint on this document.
There's a lot of background documentation and technical details excluded from the PEPs (to avoid turning the PEP into a 15+ page behemoth), but I do agree that we should explicitly cover some of these implementation details in PEP 458. Subsections on the exact format of metadata, explanation on how metadata is signed, and how the roles are "delegated" with the library, still remain. As Paul has indicated, terminology can also be improved so as to be more readable for "non-experts."
As far as I’m concerned I’m willing to collab however is best for y’all. It appears you’re doing it on GitHub in the https://github.com/theupdateframework/pep-on-pypi-with-tuf repository so I’m happy to make PRs there. I’m also happy to make PRs elsewhere as well though I prefer somewhere on GitHub. I’ll sit down with PEP 458 maybe this weekend and see if I can crank out some PRs to refine it.
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA