You can do better

Yeah this. I think the OP was a bit much. Yes the user could take verification into there own hands like we do, but most wont, so repos, repo maintainers and distributions already (at least the major modern repos) by default already have pretty good signature verification with a pretty user friendly way of verifying and installing keys if needed. 3rd party repos are often signed if users want to get signed packages from the devs too.