In that scenario, though, I think there are reasons why one might avoid package repositories such as PyPI. For instance, say a censorship-avoidance package is popular on PyPI - what happens when whatever authority comes knocking?
I would think that it would be more secure to provide anonymized distribution as well. Of course, that means that you lose some convenience and reach, but that’s a common trade-off in scenarios that have elevated security needs.