I feel like you could also give the maintainers the power to “re-publish” using a different verified maintainer so that if such a thing does happen, it can be reversed without input from the maintainer that originally pulled it. I don’t know enough about the system to really know if this is a good idea tho.
I’m curious if you mean this one issue talked about in the article is the only reason why node packaging is “fucked” or do you have any citations you can provide that point out other issues with it?
I feel this is just a natural progression of how the developers wanted it to function and this is an opportunity to resolve it.
Better that this is done by mistake and resolved than it being used in a malicious attack.
I don’t get why people are down-voting you. It’s a perfectly legit question that I’m thinking about myself. I’m not a lawyer but there would be ways to shield yourself legally I’m sure.