- Prevent a Man in the Middle between the Repository and the End User.
  - DNS Hijack/Spoofing
  - Rewriting a Response
  - SSL Stripping
- Prevent a Compromised/Malicious Repository from being used to attack End Users.
  - New versions of a distribution can be uploaded.
  - Existing versions can be silently replaced.
- Provide a means for a project to protect against lost/stolen keys or a rogue Maintainer.
  - Multiple maintainers can all release a distribution.
  - An authorized maintainer might lose their credentials, or they might go rogue.
- Verifying the "Safeness" of any particular distribution.
  - Anyone can upload a new project/distribution; reviewing each new author or distribution is a lot of burden to put on volunteers.
  - Different definitions of "safe": one distribution's purpose might be to modify the runtime system; if that is what the end user wants, is that "unsafe"?
- Verifying the identity of an author.
  - Hard to do in an automated system.
  - Labor intensive to do manually.
  - Possibly impossible to verify the identity of some people (e.g. _why).
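The compromised-repository and rogue-maintainer goals above, as an added client-side check that is not part of the original page: a release manifest binds the exact artifact bytes, a pinned digest catches a silently replaced existing version, and a threshold of maintainer approvals means one lost or rogue key cannot release alone. Maintainer names, keys, artifact bytes and the HMAC stand-in for signatures are all constructed for this example.

```python
import hashlib
import hmac

# Constructed example data: three maintainers, each holding a secret. HMAC is a
# stand-in for per-maintainer signatures (stdlib only); a real design would use
# public-key signatures so the repository never holds maintainer secrets.
MAINTAINER_KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}
THRESHOLD = 2  # one lost/stolen key or one rogue maintainer cannot release alone

def manifest_for(name: str, version: str, artifact: bytes) -> bytes:
    """Release manifest that binds name and version to the exact artifact bytes."""
    return f"{name} {version} sha256={hashlib.sha256(artifact).hexdigest()}".encode()

def approve(maintainer: str, manifest: bytes) -> bytes:
    """A maintainer's approval tag over the manifest (signature stand-in)."""
    return hmac.new(MAINTAINER_KEYS[maintainer], manifest, "sha256").digest()

def verify_release(name, version, artifact, manifest, approvals, pinned_digest=None):
    """Client-side check. Returns (accepted, reason)."""
    # A compromised repository may serve different bytes under a valid manifest.
    if not hmac.compare_digest(manifest, manifest_for(name, version, artifact)):
        return False, "artifact does not match manifest"
    # A client that recorded the digest of this version earlier detects a
    # silently replaced existing version even if the new manifest is approved.
    if pinned_digest and pinned_digest != hashlib.sha256(artifact).hexdigest():
        return False, "existing version was replaced"
    # Threshold approval: a single key, lost or rogue, is not enough.
    valid = {m for m, tag in approvals.items()
             if m in MAINTAINER_KEYS and hmac.compare_digest(tag, approve(m, manifest))}
    if len(valid) < THRESHOLD:
        return False, f"{len(valid)} of {THRESHOLD} required approvals"
    return True, "ok"

def demo():
    """Four scenarios from the goals list: honest release, swapped bytes,
    rogue maintainer acting alone, and a replaced version caught by a pin."""
    artifact = b"constructed-wheel-bytes-1.0"
    manifest = manifest_for("pkg", "1.0", artifact)
    approvals = {m: approve(m, manifest) for m in ("alice", "bob")}
    honest = verify_release("pkg", "1.0", artifact, manifest, approvals)
    swapped = verify_release("pkg", "1.0", b"replaced-bytes", manifest, approvals)
    evil = b"replaced-bytes"
    evil_manifest = manifest_for("pkg", "1.0", evil)
    rogue = verify_release("pkg", "1.0", evil, evil_manifest,
                           {"bob": approve("bob", evil_manifest)})
    pinned = hashlib.sha256(artifact).hexdigest()
    replaced = verify_release("pkg", "1.0", evil, evil_manifest,
                              {m: approve(m, evil_manifest) for m in ("alice", "bob")}, pinned)
    return honest, swapped, rogue, replaced
```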