First of all I apologize for going idea crazy lately. I plan on getting into the core development soon, I am just finishing up setting up my local dev environment.
Anyway, my idea for maybe solving a part of the Canonical issue is adding repository management to the WordPress admin for plugins/themes. Maybe the current theme and plugin repos are the "general" repo entries, while the canonical plugins/themes are hosted on an entirely different svn server/group/user/uri ... something.
I am thinking kind of the way linux uses apt-get, yum, or up2date they are rpm repo managers. They are simply built overtop of the entire rpm system managing where that particular linux distro can look for and pull packages from.
This concept is used to separate out lets say core packages, supported packages, and unsupported packages. So that even though there are thousands of GNOMEs or KDEs, we know that the Ubuntu GNOME came from the Ubuntu repo and we shouldn't look for the Ubuntu GNOME on the Fedora repo. Helps with hosting, searching management, and open source distribution in general.
I am simply seeing it as an admin page that allows an administrator to add, remove, or edit svn repository locations that the built-in plugin and theme browsers use. These entries could also have meta to provide an identity to each location such as provider, location, logo (icon), license of authenticity ... whatever.
Extra options such as role management on per repository entry basis.
This way if a repo entry is categorized as an administrative only repo, that entry is not used by the plugin browser (no plugins from that repo are found) if another user with "edit_plugin" rights browses from within the WordPress admin.
And finally last but not least, color coding (along with the icon meta) could make the plugin and theme browsers much more searchable and controlled in terms of your average WordPress admin.
On another note: This may also be totally against WordPress policy, and I am sorry for not being sure before I say it. Essentially this could allow developers to host their own plugins and manage their own updates which would show up along side the WordPress repo plugins and so on. Or maybe there could be a warning if a user is using one of these repos, and to get rid of this warning a system admin could submit some sort of application to WordPress to become an authenticated plugin/theme host.
Ideally this idea could also be looped into the core updating beta testing system.