Hi,
Hope you are doing well. The recent attacks on orphaned packages have been worrying, and the current way adoptions work seems like a huge supply chain risk. Leaving thousands of unmaintained packages open for anyone to click and adopt makes the repository an easy target for malicious scripts. Instead of keeping the doors completely open, a safer approach would be to change how orphaned packages are handled. The moment a package loses its maintainer, it could go into a locked, read-only state. People can still download it and use it as it is, but the instant adoption button gets disabled. It stays locked until an actual user notices it is broken or outdated and submits a proper request to take it over, explaining why it needs updating. This alone would stop automated bots, as a script cannot fake a genuine build error or give a proper reason to adopt. Once a request is accepted, the new maintainer could be put on a temporary status. Instead of their first update going live immediately to everyone, it could go into a staging area where the system automatically checks the changes in the build file. If the update tries to point the source URL to a completely different, dodgy domain, or adds sketchy download scripts, the system blocks it before it hits the public index. If it looks clean, it gets pushed out normally. This puts a solid barrier in front of malicious actors without creating a mountain of extra paperwork for the team. It uses the community to flag what actually needs fixing, ensuring energy is only spent on software people are actively using. Would love to know if something like this could be considered to help secure the repository moving forward. Best regards, Lukas Grumlik Sent using
