LSD is a software project which analyzes package data and stores it inside a database. The database is then queried for the analyzes data and results are represented in different diagrams. LSD currently only supports the analysis of Arch Linux but will get extended with other operating systems soon. A general software knowledge database with information about available gpg signatures, https, bugtracker links, etc. will be created too.
A secure operating system requires securely packaged software. In order to secure the packaging process upstream developers need to sign their sources with GPG and optimally provide then over an encrypted HTTPS connection. A single tampered package can compromise the system, no matter if its just an icon theme or a core feature. The reason why the LSD project was started to track the current status of the package security of several distributions and improve it over time.