[Pre-RFC] DNS domains as package namespaces

Rust Internals [Unofficial] April 27, 2026

To some extent that's true -- if I see rust-lang.org/libc then I know it's published by the Rust libs team -- but the Go ecosystem shows that for packages published by individuals the level of trust/reputation derived from identity is clamped to zero.

Updates to packages posted on someone's personal homepage get a higher level of scrutiny compared to packages from golang.org or go.googlesource.com, because you don't know anything about the person who wrote it. This is true regardless of whether the update is being published by the same person who published the initial version.

Note that this is also broadly true in today's crates.io -- I have a certain level of trust that crates published by github:rust-lang:libs are trustworthy, but a lot of crates are just some individual, so there's no telling what's in them and their updates need to be reviewed much more carefully.

I don't think introducing namespaces changes that dynamic.
