> If you set a minimum bar which allows people to claim crates as squatted as a fully automated process, then I think one of two things will happen:
> - new squatters will just re-squat previously squatted crates
> - the old squatters will republish their war chest of squatted crates to be slightly above your baseline
>
> ...and you have accomplished nothing.
To me, that's more of an argument to do more, not less. The user I've been using as an example (swmon) appears to have no public activity in the Rust community. What evidence do you have that they will republish the 100+ crates?
If a new squatter comes in, hopefully they will at least respond (or be able to be reached, unlike the current situation).
> If you loop humans in to do manual review (who's volunteering or paying them to do this work?), and they have the power to hijack crates from their current owners and transfer them to other users, then that runs a risk of software supply chain attacks.
> When I brought this up before, you responded:
>
> > Yes, it is trivial to bypass
>
> ...so what's the point exactly?
Again I ask, what supply chain attack? One of the criteria is that the crate is unquestionably useless. No one would depend on an empty crate for obvious reasons; there is zero risk of breakage. If they are depending on it, there's nothing they could be importing, so, again, no breakage. As I said in a previous comment, all versions should be empty, though.
What is the harm in trying to partially solve the issue, rather than trying to sweep it under the rug by bringing up nonexistent risks? You mention that I have dismissed criticisms; feel free to quote which ones I have. All I've done is dismiss namespacing, as that (might) deal with the issue, not my specific proposal. Aside from that, I just requested people stay on topic.