[GaryRowe]

Nexus and Artifactory can be configured to check the signatures, but you're into Web of Trust territory.

I wrote an article about mitigating this attack vector a while back which might be useful: http://gary-rowe.com/agilestack/2013/07/03/preventing-depend...