This squatting issue has gone in circles already, so here's a fast-forward:
-
There is a value in short, memorable and relevant names. If you eliminate squatting by not letting anyone have them, then you haven't solved the problem, you've destroyed the value.
- There's an infinite number of nonsensical meaningless names (like "nokogiri" or hashes), so using them is a way to around squatters, but that is a loss of value in naming.
- crates ecosystem is very open-source-centric, so it is possible to cooperate to ensure that the crate with the best name is actually useful, and not a mine to avoid.
-
namespacing moves squatting of crate names to squatting of namespaces. I'll register the "google/" namespace, and we're back to square one.
- using GitHub user/org names in crate names increases dependence on GitHub and effectively outsources moderation to them. Naming of Rust crates would be governed by entity that doesn't care about Rust's problems.
- User names don't make good crate names. Is it
retep998/winapiorretep989/winapi. Do you really want to make remembering this mandatory for using Rust on Windows? - GitHub user and org names can change (only internal ID is stable), and old names become available for registration again. This creates a huge problem when someone changes their name on GitHub.
-
Malware will be removed by crates-io, so that isn't a motivation for anti-squatting policy. Security aspects are a huge can of worms themselves, and much wider than just typosquatting. Many of these things can be done and would be useful regardless of squatting policy.