I had the same thought. There should have been a play where you were the trusted metadata layer (across clouds even), but allowed actual images to come from S3, GCP, Azure directly (i.e., serve metadata + hashes / signatures). Obviously AWS and everyone would spin up their own mirrors, lots of bandwidth would be saved (by Docker too) and they would still have a role in the center.