Eric Mann announced the release of DGXPCO: Digital Guarantees for eXplicitly Permitted Core Operations plugin. This plugin (available on the WordPress plugin repo) integrates directly with the WordPress core updater and ensures that any core package being installed has a valid signature.
At the moment DGXPCO only secures WordPress core updates. Eric says a future release will secure plugin updates as well.
