The current state of package manager support for two-factor authentication (2FA) is limited, with only a few platforms offering robust security measures. However, another approach to enhance security, called package signing, has gained traction across various ecosystems. This involves using cryptographic signatures to verify the authenticity and integrity of packages during download. Package signing offers an end-to-end verification that a package was uploaded by its maintainer, making it a valuable tool for protecting against supply-chain attacks and ensuring the trustworthiness of open-source packages. Several programming languages' package managers support package signing, including Nuget, Maven, Gradle, Rubygems, npm, Pypi, and others, with varying degrees of implementation and adoption. While some platforms are still in the process of implementing or exploring package signing, it has already shown promise in enhancing security and trust in open-source software development.