One place to look up all hashes, identities attached, transactions are in order, the API is the same for all hashes no matter the store or the tech, it can work offline, if the site is down or under attack you can still check, it avoids putting loads on the original site, it's more resilient to attacks.
Having one homogeneous decentralized way to read this data is neat. You could make entire package managing solution out of this. Even attach torrent magnet links for each lib in the chain, and make the whole store distributed.
A git repository or a torrent or any other distributed datastore would also accomplish this. A blockchain is a very bad, expensive distributed datastore that you would only use if you need the specific trust properties it provides.
It would be a fair point to say that if you don't trust any specific person or entity to verify that a given source compiles to the binary signed by the author that maybe some sort of blockchain would be useful. I think you'd get a lot more bang for your buck by using trusted authorities in something closer to a CA model.
The advantage of the blockchain is that we have well tested clients and api already, dealing with ID, logs and sync, with a huge number of nodes.
And you do need trust for distributing software.
You can't use git, it's hard to sync automatically. Torrent is a nice transport, not a db, and can be use to sync blockchains anyway, why make them exlusive ? And using any distributed db would exclude the field tested solution on millions of wallet that prove to work, and the api that is alreay well supported.
Having one homogeneous decentralized way to read this data is neat. You could make entire package managing solution out of this. Even attach torrent magnet links for each lib in the chain, and make the whole store distributed.