> As long as you're OK with self signed certificates or PGP keys, I'd be on board with this.

I am with PGP but more wary of self-signed certs, though even self-signed certs allow mass revocation of packages when an author's cert is compromised.