Signatures have been required on Central for years and there are tools to verify them, including repository managers.
We strongly do not believe that you should entrust your private key to anyone else for signing, which is what others have done to make it easy....yet less secure.
We strongly do not believe that you should entrust your private key to anyone else for signing, which is what others have done to make it easy....yet less secure.