Creating an open registry would be nice, or even for developers to be able to host their own repos for others to install plugins from (à la Linux package managers), to avoid such centralisation.
Ideally, those repos would be hosted by each party, and then hosting providers would be able to host their own mirrors containing many packages for all the installs, giving a similar experience to what is now offered by Mr. Mullenweg's WP.org.
> Creating an open registry would be nice, or even for developers to be able to host their own repos for others to install plugins from (à la Linux package managers), to avoid such centralisation.
The security trade offs for this would not be worth it, IMO, considering WPs auto-updating features.
One could create a registry that uses PSK similar to mobile applications so a install only auto accepts an updated package if it's signed by the author.
This should be rather easy, because all WordPress plugins are GPL-licensed because of the Copyleft.
I don't care about the current dispute, but wordpress.org can't be trusted any more.