I like the idea. Only question is how would it enforce that only the latest bundle from Orbit is used?
Two parts to this.
2. For bundles with just signature changes we need to adopt compare and replace so that we keep reusing the previously signed bundle, so that orbit does not publish new versions of bundles with only signature changes. And when we do need to do things like resign all the bundles, then do a forced qualifier update.
However, we could do part 2 for all the current git bundles for 2020-12 RC2. Not sure it is necessary though as the more problematic bundles are the older CVS defined one.