Quite recently there was a paper published discussing various threats to the npm package manager. One thing mentioned was the trustworthiness of package maintainers and how package maintainers who are trusted generally increase the overall security of their packages and of those that depend on them.
I’m interested in what the Rust community has to say about what they think has a positive impact on the trustworthiness of a maintainer. For example, I don’t use my name when publishing crates, due to privacy concerns. Though I can see how that could be interpreted as me not wanting to take full ownership of and responsibility for the code I publish, and thereby generally make me less trustworthy.
What do you think are good/bad signs of trustworthy package maintainers?