Most distributions (i.e. the Arch Linux one you linked to) digitally sign their packages with private keys, so the people who compromised kernel.org wouldn't be able to tamper with them without causing verification failures by the package management system.
One huge problem could be downloadable ISOs for live images or installer DVDs. Since you are booting up your system with them, there would be no reliable automatic signature verification.
I downloaded a CentOS-6 ISO from the kernel.org mirror just the other day, and broke out in a cold sweat when I saw this story. However, CentOS and just about everyone else publishes checksums of their ISOs. I compared my download against the checksum, and, to my relief, it matched.
It would be wise if everyone compared checksums immediately after downloading something like this. Alternately, you can use a protocol like BitTorrent for the download, which compares checksums automatically.
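The checksum comparison described in the comment above, as an added example that is not part of the original thread: it parses a `sha256sum`-style manifest, hashes the downloaded file in chunks, and reports a match, a mismatch, or a file the manifest does not list. The file names and bytes used with it are constructed, and the manifest format is an assumption about what the distribution publishes.

```python
import hashlib
import hmac
import os

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex>  <name>' or '<64 hex> *<name>'."""
    entries = {}
    for line in text.splitlines():
        digest, sep, rest = line.strip().partition(" ")
        if not sep or len(digest) != 64 or not rest:
            continue  # blank line, comment, or not a checksum entry
        try:
            bytes.fromhex(digest)
        except ValueError:
            continue  # 64 characters, but not hexadecimal
        # The first character after the separator is the mode marker
        # (' ' for text, '*' for binary); the file name follows it.
        name = rest[1:] if rest[0] in " *" else rest
        entries[name] = digest.lower()
    return entries

def sha256_file(path, chunk_size=1 << 20):
    """Hash a large file (an ISO) without loading it into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, manifest_text):
    """Return 'ok', 'mismatch', or 'missing' (file not listed in manifest).

    The manifest should be fetched from the distribution's own site over
    HTTPS, not from the mirror that served the download: a checksum file
    stored next to a tampered image can be replaced along with it.
    """
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "missing"  # treat as a failure, never as a pass
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

if __name__ == "__main__":
    import sys
    # Usage: python verify_iso.py <downloaded.iso> <sha256sum.txt>
    with open(sys.argv[2], encoding="utf-8") as m:
        result = verify(sys.argv[1], m.read())
    print(result)
    sys.exit(0 if result == "ok" else 1)
```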
I often wonder what would happen if a group of nerds, like ourselves, decided to start our own root DNS. I would suspect that it would be shut down by the FCC in short order under some new or trumped-up mangled misinterpretation of some law.
Alternative root servers have existed for years. The largest is probably OpenNIC.