Hi Nick,
Well, when I created my company I had no intention of working on closed-source projects,
so "private repositories" is definitely not interesting for us as a feature.
However, we're all for helping PyPA to make sustainable revenue, and also having more infra,
and why not one day integrate GPG signature checking on packages we've been uploading with
python setup.py sdist upload --sign so far ....
Please contact me if interested.
Have a great day.