As part of the larger effort to improve security (gh-29178), it'd be good to review all access to repositories and do some cleanups:

• Enforce use of 2FA through a repo setting
• Ping people to use the "secure" method rather than the "insecure" (i.e. connected to a telephone number) method: about 50% of people with access use the insecure method. See this mailing list discussion.
• For people who haven't been active at all in several years, remove them or move them to the Emeritus team as appropriate.
• Reduce the number of people with full admin rights and PyPI access to O(5) people who actually are active and may need that access.