Most packages these days are signed using GPG so that the user can be sure that they are from a trusted source. We should probably do the same and publish the fingerprint on our home page.
The PackageKit Error in Fedora 9 looks like this: "Malicious software can damage your computer and cause other harm. Are you *sure* you want to install this package?" Looks bad for ThinLinc, another reason to sign our packages.
A big problem with this is: how should the users trust the key? They'll have to download it the same way they downloaded the packages, so the level of trust should be the same. However, if the key keeps getting reused, then only the first download needs to take extra steps to verify the key. After that, the users can keep verifying upgrades, as they know the key is trusted. This requires us to keep using the same key for a long time though, which is unlike what distributions do, as they generally replace the keys for every version.
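
The trust-on-first-use check described above, as an added example that is not part of the original report or of ThinLinc: it computes the OpenPGP v4 fingerprint (RFC 4880, section 12.2) of a downloaded public key and compares it with the fingerprint recorded on first download or published on the home page. It assumes a binary (de-armored) v4 key; the function names and the toy sample key are constructed for illustration.

```python
import hashlib
import struct

def primary_key_body(data):
    """Return the body of the first packet, which must be a v4 Public-Key packet (tag 6)."""
    if len(data) < 6 or not data[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet (de-armor first)")
    first = data[0]
    if first & 0x40:                          # new-format packet header
        tag, o1 = first & 0x3F, data[1]
        if o1 < 192:
            length, start = o1, 2
        elif o1 < 224:
            length, start = ((o1 - 192) << 8) + data[2] + 192, 3
        elif o1 == 255:
            length, start = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:                                     # old-format packet header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not supported")
        size = (1, 2, 4)[ltype]
        length, start = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[start:start + length]
    if tag != 6 or len(body) != length or not body or body[0] != 4:
        raise ValueError("expected a complete v4 Public-Key packet")
    return body

def v4_fingerprint(data):
    """SHA-1 over 0x99, a two-octet body length, then the key packet body."""
    body = primary_key_body(data)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def check_key(data, pinned=None):
    """First download: return the fingerprint to pin. Later: raise unless it matches the pin."""
    fpr = v4_fingerprint(data)
    if pinned is not None and fpr != pinned.replace(" ", "").upper():
        raise ValueError(f"key fingerprint {fpr} does not match pinned {pinned}")
    return fpr

def make_sample_key(n):
    """Constructed sample: old-format tag-6 packet holding a toy RSA key (n, e=65537)."""
    def mpi(x):
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    body = b"\x04" + struct.pack(">I", 1200000000) + b"\x01" + mpi(n) + mpi(65537)
    return b"\x99" + struct.pack(">H", len(body)) + body
```

The pin only helps if the first fingerprint was checked through a channel other than the package download itself, and it has to be re-established whenever the signing key is replaced.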