I agree in general that the current situation is a mess. Ideally all the deps would be packaged by distros, and the few things that aren't packaged would be a simple offline build.

But I think Maven isn't the worst offender, there's pypi and npm after all.
IIRC Maven Central does require signatures, and IMO it's a better quality repo than pypi and npm. (Can't say the same about dozens of 3rd party Maven repos around the net.)

@Wolf480pl I think the author wrote about Maven because that's what they were familiar with. The arguments work anyway.

