We currently send an email to all uploaders whenever a package is published.
This is largely a security feature to help detect compromises. We can't possibly stop all attacks, but if users can detect attacks and report them that is fantastic, as it enables us to find out how people were compromised and, thus, consider mitigating the attack vector.
But we could consider letting users opt-out of this... On other hand, forcing users to receive emails is a security feature.
I vote that we don't let users opt out of emails, as these emails makes it easy to detect an unauthorized package publication.
Note. other options we could consider:
But sending to all members of a publisher is probably overkill, and will cause these emails to be filtered out which is counter productive to security.
We could also have different roles (currently everyone is admin) and then:
Most helpful comment
We could also have different roles (currently everyone is admin) and then: