@ofek asked me for some feedback here from the side of Sentry. I think as far as Sentry is concerned we have no strong feelings about this in any way and I don’t think having this RFC or not having that RFC would change much for us.
I think from the side of a package index, reserved prefixes or namespaces are always tricky because they create a higher administrative burden. The prefix all the sudden is very meaningful and someone controls it. What happens if that person becomes unresponsive and control over the prefix is lost? What if the wrong person registered the prefix? The complexity of this is already somewhat obvious from the related RFC that sets out a policy for PyPI: PEP 755 – Implicit namespace policy for PyPI | peps.python.org
Out of all the options i think the nuget approach is the most reasonable one and that’s also the one that I was hoping the Rust project would chose. It at least leaves it open to the index for how to deal with delegations and and the politics that this will undoubtedly cause.
I think the real question here is if the folks that are tasked with this for PyPI are willing to deal with the load that prefix reservations will cause on them. Given the current already pretty sad state of affairs about 2FA revocations/reissuance my hunch is that one should be very careful with that.