Aka corporations insist on control & want to make sure users are powerless when using the site. And Chrome is absolutely here to help the megacorp's radically progress the War On General Purpose Computing and make sure users are safe & securely tied to environments where they are powerless.
There's notably absolutely no discussion or mention of what kind of checks an attestation authority might give, other than "maybe Google Play might attest for the environment" as a throwaway abstract example with no details. Any browser could do whatever they want with this spec, go as afar as they want to say, yes, this is a pristine development environment. If you open DevTools, Google will probably fail you.
It appalls me to imagine how much time & mind-warping it must have taken to concoct such a banal "user motivation" statement as this. This is by the far the lowest & most sold-out passed-over bullshit I have ever seen from Chrome, who generally I actually really do trust to be doing good & who I look forward to hearing more from.
https://www.bleepingcomputer.com/news/security/451-pypi-pack...
As time goes on hand-waving the matter as "user's responsibility" is becoming a less and less acceptable answer. Hard assurances are being demanded and applied technologies are progressively patching the existing loopholes.
You can demand change all you want but it doesn't change how the real world works. These people need to come off their high horse and come join the rest of us. So sick and tired of C-level people demanding shit they know nothing about.