@miketheman thanks for doing this work of weeding the community garden!

@miketheman @pypi

Would this not create a mechanism to dDoS a project and inundate the slack channel with tons of fake reports?

Causing distribution disruption to victim projects and all projects which has that package as an indirect dependency.

So bad actors would target low level projects to maximize disruption. These projects are often plagued by absent maintainers.

https://blog.pypi.org/posts/2024-12-30-quarantine/#future-improvement-automation

Some good targets that are unmaintained:

pip-tools

pip-requirements-parser