In my opinion having external account linking, although somewhat useful to combat this, would be absolutely horrible. Not to mention the fact that not everyone is registered or has any kind of interest in having an account on such services.

On 6/17/26 13:20, Braeden Theriault wrote:
Why not add an account link requirement for package adoption? Say linking a Google, proton, or GitHub account as those are atleast a little more difficult to script into existence. For most people who have atleast one other account it wouldn't be an issue, but a script or attacker would have to create said accounts at the same time as the arch accounts. A side effect would be slowing down the rate a human attacker could create new accounts aswell.

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature



Reply via email to