Stronger owner controls

[huonw]

Currently any owner can add and (more dangerously) remove any other one, which is open for abuse; e.g. add someone as an owner, have a falling out, and they can remove the main maintainer and squat the package name for themselves.

Possible improvements off the top of my head:

• have a distinguished owner (the initial uploader by default) who cannot be removed as an owner by anyone but themselves and is in control of transferring distinguishedness to some other owner
• keep a chronology of when owners were added, and owners can only be removed by people who have been owners longer (this is similar to the system reddit uses for moderators)

[lilyball]

How about just having a 2-level split of "owner" vs "maintainer". Owners can modify the owner list, whereas maintainers can just publish/yank versions.

[sgrif]

Hey folks, this is definitely still something we'd like to see addressed. We discussed this issue during the issue triage meeting today, and we think this will need to go through an RFC for any significant changes to be accepted here. Right now we're cleaning out some of the older issues that haven't seen recent activity. Since this is one of those issues, I'm going to close this.

I would like to re-iterate that we do want to see improvements here, and anyone interested in working on this should definitely raise it at a team meeting, and we'd be happy to help someone draft an RFC if interested.