Vendor name reservation.

[ADmad]

packagist.org should reserve vendor name for matching github user / organisation. For eg. only the user "cakephp" should be allowed to add packages with vendor name "cakephp".

To highlight the problem cakephp/monolog is a package which has not been created by the CakePHP framework team. This can easily confuse a new / inexperienced user into thinking it's an official package.

[AD7six]

👍 to the overall idea of preventing anyone from deliberately or accidentally creating packages in other people/organization's namespace.

I think forcing author === github repo author (not sure if that's the suggestion, just wish to clarify) won't work, in part because:

• the repository path doesn't necessarily have anything to do with the package name
• authors may have several namespaces, or use a different namespace than their own account name
• github is only one source of repos, git is only one possible VCS

This probably affects most frameworks e.g. symfony/sis-ejercicio-imagina wasn't created by symfony.

Any reservation logic would need to apply when creating or updating package info on packagist - i.e. here

[stof]

duplicate of #163

[ADmad]

I think forcing author === github repo author won't work, ....

@AD7six Right, it won't. It's just something that came to mind. Ticket #163 has a better discussion on how to deal with vendor name ownership.

@stof Pretty old ticket and still nothing in the direction of resolving this issue :( This could be a real cause of confusion in future as the number of packages on packagist increases.