• wiki_me@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    9 months ago

    verifying the submitter is a member of the project

    That’s a different requirement as far as i can tell (When you do that you get the “plus” sign next to the name on the store).

    the software name does not conflict with a well known name,…

    It should conflict, the point is that some random dude can create a package and people could use it.

    They can review and check that the URL in the manifest used to build or install the package is from upstream, but that can later be changed, it would be better to have some system where you need to whitelist URL’s i think.