Comment by bsder
4 hours ago
Can someone explain to me why the inverse domain name solution that everyone in the Java world converged on doesn't work?
It's really not clear to me why people keep avoiding that.
4 hours ago
Can someone explain to me why the inverse domain name solution that everyone in the Java world converged on doesn't work?
It's really not clear to me why people keep avoiding that.
1) Trawl registry for packages owned by domains.
2) Note expired domains and register them yourself.
3) Supply chain compromise.
That, and not wanting people to fork out money for a domain as a requirement to participate in the ecosystem.
In my personal opinion, if a rogue actor can compromise your project by buying you the equivalent of a beer and a pizza, I don't think anyone should trust you as a dependency to any extent.