I know I haven't been active on this mailing list, but I've been an Arch user for more than 10 years now, and I wanted to share my perspective on this.
Identity and age verification in an IT context do nothing but harm, both to the community and the people in it, there are many, many examples and studies readily available that explain why. The gist of it is that, especially for an international community like Arch, nothing can ensure beyond a doubt that a malicious actor's identity is actually real. This entirely defeats the purpose of verification. Instead, it only puts honest people who don't "game" the system at an increased risk of identity theft and discrimination. Furthermore, doing something just for the sake of doing something is the worst possible incident response. If the action taken doesn't actually fix the root issue, doing it is worse than doing nothing; it creates friction at best and destroys trust in the system at worst. I agree that the status quo is insufficient and that something HAS to be done, but hastily put together solutions are not going to improve the situation. Unfortunately, I don't have any solution to suggest that might improve things right now, I only know that those won't. Fanfurlio -- Ignorance is a curable illness; all that is needed is the will to learn. - Please don't print this e-mail if you don't need to! On Thursday 28 May 2026, 01:38:32 (+02:00), Aaron Liu wrote: > I don't see why requiring names would stop it. We'd end up with way less > actual names (in fact mine isn't my actual) and all of the uploader > accounts I see have a name in the username you can actually search up. > > Plus, age verification is incredibly unpopular here and all the > arguments against it apply. > > If a package is orphaned, it probably isn't used. > > -- > Cheers, > Aᴀʀᴏɴ > >
