I am very happy to announce full support for DSM 5.1 trust level and signed packages.
We have started delivering our public key and will very soon offer signed packages. This represents a huge security improvement. If using CPH as package source within DSM Package Center, you can set the security level to the second level: Synology and Trusted Developers.
This step also represents a huge improvement for developers. They don't need to update their packages or release processes because CPH offers package signing as a managed service. Packages are signed by CPH and then delivered to users.