
Interesting. As a developer, I've never had trouble assessing the trustworthiness of packages on GitHub, and I see no reason to implement some kind of trust system for language-specific repos (npm, for example). The reason is simply that there are many ways to assess a library, such as community activity, use in production, quality of tests, and general reputation.

Perhaps this is more of a problem for scientists who just want to download and use a package, but don't have the know-how to assess the quality of a package the way developers do?



I think trust is a bigger deal in the R community than, say, Ruby. With a gem you can tell pretty quickly if it works or not, and the community has a higher standard of testing.

With R, many of the packages are for complicated math and stats. That particular package might pass all its internal tests, but what if they implemented a distribution wrong, or calculated 95% confidence incorrectly? That is when you have to trust the developer personally.


It kinda gets a little bit trickier when you do pharmaceutical research than your average nodejs web app.



