Comment Re: Oh boy, another infection vector (Score 1) 230
Perhaps you could have a two tier level of trust where repositories that are from signed approved vendors are automatically permitted, but unlisted ones require specific admin permission to install from. Of course, power users could mark an unlisted certificate as trustworthy to prevent the auth request, but it would prevent installs from silently coming in from hijacked repositories in the scenario described above.