
In the future, we can at first optionally, and then later on a stricter basis, encourage and then enforce signing. I think this is a good idea.
But, and here we apparently disagree completely, it seems to me that everything else is not and should not be the job of a centralized server.
Actually, I think you and Michael are in violent *agreement* on this particular point. At the core of the gist that was pointed to earlier in this thread [1], is the idea that we should have some kind of central notepad, where anyone is allowed to scribble anything they like, even add pointers to packages that are completely broken, don't build, or are malicious trojan horses. Then, it's up to end users to filter out the wheat from the chaff. In particular, it's up to the user to pretend those scribbles that were added by untrusted sources were just never there, *according to the user's own trust model*.

The central notepad does not enforce any particular trust model. It just provides sufficient mechanism so that the information necessary to support common trust models, such as WoT of GPG keys, can be uploaded and/or pointed to and found. In this way, any trust model can be supported.

We could refactor Hackage on top of this notepad, and have Hackage upload metadata about those scribbles that *it* thinks are legit, say because Hackage performed the scribble itself on behalf of some user, but only did so after authenticating said user, according to its own notion of authentication. Users are free to say "I trust any scribble to the notepad about any package that was added by an authenticated Hackage user". Or "I only trust scribbles from my Haskell friends whom I have met at ICFP and on that occasion exchanged keys". Or a union of both. Or anything else really.

[1] https://gist.github.com/snoyberg/732aa47a5dd3864051b9
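
The notepad idea described in the message above, as an added sketch that is not part of the original message, the gist, or Hackage's code: the notepad accepts every record, and each user derives their own view from a client-side policy. All names (`Scribble`, `Endorsement`, `view`, the `key:*` ids) are hypothetical, and signature verification is assumed to have happened already.

```python
from dataclasses import dataclass
from typing import Callable, Iterable

# Assumption: every record's `signer` is a key id whose signature over the
# record was already verified; this sketch does no cryptography itself.
@dataclass(frozen=True)
class Scribble:
    signer: str    # verified key id of whoever wrote to the notepad
    package: str
    version: str
    sha256: str    # digest of the tarball the scribble points to

@dataclass(frozen=True)
class Endorsement:
    signer: str        # verified key id of the endorser
    target: Scribble   # the scribble being vouched for

# A policy sees a scribble plus the set of key ids that endorsed it.
Policy = Callable[[Scribble, frozenset], bool]

def endorsed_by(key: str) -> Policy:
    """Trust scribbles that `key` vouched for (e.g. metadata uploaded by Hackage)."""
    return lambda s, endorsers: key in endorsers

def signed_by_any(keys: Iterable[str]) -> Policy:
    """Trust scribbles written directly by one of `keys` (e.g. keys exchanged in person)."""
    allowed = frozenset(keys)
    return lambda s, endorsers: s.signer in allowed

def union(*policies: Policy) -> Policy:
    return lambda s, endorsers: any(p(s, endorsers) for p in policies)

def view(notepad: list, policy: Policy) -> list:
    """Scribbles this user accepts; everything else is treated as never written."""
    def endorsers(s):
        return frozenset(r.signer for r in notepad
                         if isinstance(r, Endorsement) and r.target == s)
    return [r for r in notepad
            if isinstance(r, Scribble) and policy(r, endorsers(r))]

# Constructed sample notepad: nothing was rejected at write time.
GOOD = Scribble("key:alice", "foo", "1.0", "aa" * 32)
EVIL = Scribble("key:mallory", "foo", "1.0", "ee" * 32)  # same name, other tarball
FRIEND = Scribble("key:bob", "bar", "0.2", "bb" * 32)
NOTEPAD = [GOOD, EVIL, FRIEND,
           Endorsement("key:hackage", GOOD),
           Endorsement("key:mallory", EVIL)]  # self-endorsement changes nothing

hackage_only = endorsed_by("key:hackage")
friends_only = signed_by_any(["key:bob"])
```

The same notepad yields a different package set for each policy, and the untrusted `foo-1.0` entry drops out of every view whose policy does not name its signer or endorser.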