Can we collect the ‘reasonable’ strategies for undoing crate squatting once it has happened?
So far I see:
- Decay, if there has been a lack of activity on a project, it becomes available for challenge
- Community, add a button to crates.io that says, ‘This is a bad crate’, once enough people vote, someone looks at it
- Case by case, there is an email like email@example.com where people can send in complaints, and they get looked at
All of these have their up and downsides. Decay could hit the wrong projects. Community could become an incentive for witch hunting or the like, and case by case could be personnel expensive and lack transparency.
Decay could potentially be the least personnel intensive and most transparent, plus there are other community driven package repositories that do it this way. A button on crates.io could also help with packages that are malicious in other ways. Case by case could be the most accurate, but due to a potential lack of transparency likely the least satisfying for the community.