gradle-witness

Use Blockchain technology (e.g. Namecoin) to solve "trusting on first use" problem.

Open msgilligan opened this issue 9 years ago • 0 comments

I've been thinking about using Blockchain-based technology -- I'm looking at using Namecoin for a proof-of-concept implementation, but open to other ideas -- to solve the "trusting on first use" problem.

Access to a Namecoin blockchain (either locally or via a trusted server) would allow the Gradle Witness plugin to check PGP signatures on JARs without trusting the files on a central repository.

I've drafted a topic paper, "Blockchain-based Trust for Software Components", for the Rebooting the Web of Trust conference and am thinking about using the Gradle Witness Plugin as a starting point for a proof-of-concept implementation.

Any feedback or assistance would be greatly appreciated. If there's interest, the end result could be a pull-request to the Gradle Witness Plugin.

msgilligan, Oct 19 '15 18:10