include the index signer by default for popular repos
Normally, adding repos is Trust On First Use (TOFU). Having a repo built into fdroidclient means the signer's public key is included by default, which produces a strong link to the repository by default. But this also gives a stamp of approval for that repository, and that is not always easy for us to evaluate: #2556 (closed), #1684 (closed). If fdroidclient could include a map of canonical URLs to signers, then that would cover the security case, without us having to review the repo to see if it qualifies for the F-Droid stamp of approval. Plus there are repos which clearly do not qualify, yet are quite popular, like @IzzySoft's.
When users add a repo URL, it would check if the signer is already included in fdroidclient, and if so, only use that signer, ignoring what is in the index JAR. This would probably have to happen after the "Add Repo" flow has fetched the index JAR, verified it against the signer in the JAR, and parsed it. That's the way to get the canonical URL.
fdroidserver#1106 would mean that repos could still migrate to a new signer, even if the signer was built into fdroidclient.
@grote how hard would this be to implement? Only seems worth it if it is easy.
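A sketch of the lookup proposed above, added here as an illustration and not taken from fdroidclient. The names `PINNED_SIGNERS`, `normalize`, `fingerprint` and `checkSigner` are hypothetical, the URLs and certificate bytes are constructed, and the hex SHA-256 of the DER certificate is assumed as the fingerprint format.

```kotlin
import java.net.URI
import java.security.MessageDigest

enum class Decision { PINNED_MATCH, PINNED_MISMATCH, TOFU }

// Hex SHA-256 over the DER-encoded signing certificate (assumed pin format).
fun fingerprint(certDer: ByteArray): String =
    MessageDigest.getInstance("SHA-256").digest(certDer)
        .joinToString("") { "%02x".format(it) }

// Constructed stand-in for the certificate that verified the index JAR.
val SAMPLE_CERT: ByteArray = "constructed certificate bytes".toByteArray()

// Hypothetical built-in table: canonical repo URL -> pinned signer fingerprint.
val PINNED_SIGNERS: Map<String, String> = mapOf(
    "https://repo.example.org/fdroid/repo" to fingerprint(SAMPLE_CERT),
)

// Case, default-port and trailing-slash variants must resolve to the same pin.
fun normalize(url: String): String {
    val u = URI(url.trim()).normalize()
    val scheme = (u.scheme ?: "").lowercase()
    val host = (u.host ?: "").lowercase()
    val port = if (u.port == -1 || (scheme == "https" && u.port == 443)) "" else ":${u.port}"
    return "$scheme://$host$port${(u.path ?: "").trimEnd('/')}"
}

// Runs after the index JAR has been fetched, verified against its own signer
// and parsed. A pinned URL accepts only the pinned signer; the JAR's signer is
// not allowed to replace it. Unpinned URLs keep the existing TOFU behaviour.
// Assumption of this sketch: the URL the user typed is checked as well as the
// canonical URL declared in the index, so a forged index cannot avoid the
// lookup by declaring a different address.
fun checkSigner(
    enteredUrl: String,
    canonicalUrl: String,
    jarSignerDer: ByteArray,
    pins: Map<String, String> = PINNED_SIGNERS,
): Decision {
    val expected = pins[normalize(canonicalUrl)] ?: pins[normalize(enteredUrl)]
        ?: return Decision.TOFU
    val actual = fingerprint(jarSignerDer)
    return if (expected == actual) Decision.PINNED_MATCH else Decision.PINNED_MISMATCH
}

fun main() {
    val pinned = "https://repo.example.org/fdroid/repo"
    val other = "other signer".toByteArray() // constructed, not the pinned signer
    println(checkSigner("HTTPS://Repo.Example.org:443/fdroid/repo/", pinned, SAMPLE_CERT))
    println(checkSigner(pinned, "https://elsewhere.example/repo", other))
    println(checkSigner("https://unlisted.example/repo", "https://unlisted.example/repo", other))
}
```

A mismatch on a pinned URL is the case where the client would refuse to add the repo instead of falling back to TOFU.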