
Held/Pending Status for Package Uploads Requiring Human Approval #19331

@JacobCoffee

What's the problem this feature will solve?

In multi-maintainer projects and orgs, any maintainer can push a release immediately without oversight from other team members, or maybe a single maintainer wants more security, etc.

Describe the solution you'd like

Add a held status marker (building on PEP 792) where uploads are stored but not installable until approved by a project maintainer. This gives teams a review gate before releases go live. Useful for orgs that want sign-off workflows or additional supply chain protection.

Additional context

https://packaging.python.org/en/latest/specifications/project-status-markers/

Could also wait for upload 2.0 if we didn't want to utilize status markers
