Hi,


Hope you are doing well.



The recent attacks on orphaned packages have been worrying, and the current way 
adoptions work seems like a huge supply chain risk. Leaving thousands of 
unmaintained packages open for anyone to click and adopt makes the repository 
an easy target for malicious scripts.



Instead of keeping the doors completely open, a safer approach would be to 
change how orphaned packages are handled.



The moment a package loses its maintainer, it could go into a locked, read-only 
state. People can still download it and use it as it is, but the instant 
adoption button gets disabled. It stays locked until an actual user notices it 
is broken or outdated and submits a proper request to take it over, explaining 
why it needs updating. This alone would stop automated bots, as a script cannot 
fake a genuine build error or give a proper reason to adopt.



Once a request is accepted, the new maintainer could be put on a temporary 
status. Instead of their first update going live immediately to everyone, it 
could go into a staging area where the system automatically checks the changes 
in the build file. If the update tries to point the source URL to a completely 
different, dodgy domain, or adds sketchy download scripts, the system blocks it 
before it hits the public index. If it looks clean, it gets pushed out normally.



This puts a solid barrier in front of malicious actors without creating a 
mountain of extra paperwork for the team. It uses the community to flag what 
actually needs fixing, ensuring energy is only spent on software people are 
actively using.



Would love to know if something like this could be considered to help secure 
the repository moving forward.



Best regards,

Lukas Grumlik

Sent using

Reply via email to