There's a thread awhile back where there were VERY angry at someone trying to setup their own attestation project database (essentially a list of known Android builds and their signatures).

They want apps to add their signing hashes manually just for them and don't want to join projects that would aggregate and act as a database or certificate authority.

You mean Universal Attestation, which is from a vendor cartel, of which most of the individual vendors are typically waaaaay behind security updates, etc.