>>17
Great. So instead of the obvious, very straightforward, and well-tested mechanism of signed packages, you want to duplicate expensive infrastructure in a way that doesn't even protect against the most obvious attacks?
(It goes without saying that pacman doesn't even do what you're suggesting either.)