Of course, because no one ever heard of people downloading infected software from compromised distribution sites. And that's just for starters... what about the ability of security software to validate installed apps?
And the fact that you're cozy with your boyscouts-at-the-NSA image has exactly what bearing on this issue? There are people at all levels of society who try to spread malware and they will even fuck around with your LAN to do it.
No, sorry... The norm for software distribution has to be app authors signing their code and distributing it in a form where verification happens automatically. If you have to tell users they cannot have both verification and current releases then the software ecosystem is sick.
And note that large FOSS authors like LibreOffice and Mozilla do not operate their own PPAs. They leave it up to fourth parties whom even most /.ers have never heard of before. Linux software distribution methods are too much of a hassle even for large FOSS projects. This should be a clue as to why non-libre products cannot grow on these non-platforms (in fact, there are hardly any robust desktop apps from any sector): If you want to have hope of reaching a large segment of a Linux distro's users, you have to hope that your app gets into a default or pre-approved repository and even then your fanbase will be isolated from exciting developments, stuck with stale versions, unless they also suffer the idiocy of upgrading the OS yearly and the high incidence of their systems becoming inoperative.
FOSS platforms need to find ways to facilitate direct relationships between app developers and users - safely. Most are seriously not in ANY sense trying to do that, and instead just get in the way.