> GCP Artifact Registry is an OCI Container Image Registry.
That is one of the supported formats (and maybe most common), but not the only one.
https://cloud.google.com/artifact-registry/docs/supported-fo...
The Python one behaves just like PyPI, you just need to specify the URL and provide credentials.
GitHub specifically doesn't have Python package index (PEP 503, PEP 740) support on their roadmap: https://github.com/github/roadmap/issues/94#issuecomment-158...
GitLab has Python package registry support (503?): https://docs.gitlab.com/user/packages/pypi_repository/
Gitea has Python package registry support (503?): https://docs.gitea.com/usage/packages/pypi
PyPI supports attestations for Python packages when built by Trusted Publishers: https://docs.pypi.org/attestations/ :
> PyPI uses the in-toto Attestation Framework for the attestations it accepts. [ in-toto/attestation spec: https://github.com/in-toto/attestation/blob/main/spec/README... ]
> Currently, PyPI allows the following attestation predicates:
> SLSA Provenance, PyPI Publish
Artifact Registry > Artifact Registry documentation > Guides > Manage Python packages: https://cloud.google.com/artifact-registry/docs/python/manag... :
> [Artifact Registry] private repositories use the canonical Python repository implementation, the simple repository API (PEP 503), and work with installation tools like pip.
PEP 503 – Simple Repository API: https://peps.python.org/pep-0503/
PEP 740 – Index support for digital attestations: https://peps.python.org/pep-0740/