> A requirement give a provable identity in order to distribute your software is a dangerous thing.
You are not required to provide identity in any cause to distribute software. Except maybe on iOS.
What you are required to do is provide some form of identity to use another person's service to distribute your software. This is not a bad thing. IF they are providing a service and you have a relationship with them then a payment for access to that service is not something that is a wrong thing to require.
Your one time payment would go to services and vetting so that people can be paid to go through software and check it out as 'safe' or not. Is this not a real issue?
Right now the 'vetting' is done by requiring third parties (Party 1: Developer, Party 2: Users, Party 3: Distributions) to build the software and then only allowing users easy access to those. The 'distributions' vet their 'vetters' by requiring years of devotion and history before they are allowed to build and upload software.
It seems to be that process is no less distasteful then asking a payment.
Either system is ripe for abuse, for different reasons. But that is why users need to be know which 'software distributors' they can trust regardless of the method used. If you are going to delegate your security to other parties (the developers and those who vet and distributes) then it's your responsibility to be somewhat aware of who and the type of people you are dealing with.
Q: "Who watches the watchers?",
A: the people being watched, of course.