They might not be strictly necessary but they tend to solve more issues than they cause. Many languages which don't come with a centralized repository built in will tend to spontaneously gain one because they are in fact useful.
"Drunk driving may kill a lot of people, but it also helps a lot of people get to work on time, so it's impossible to say if it's bad or not." - Internet person
This is exhausting.
Arguments like this don't persuade anyone—in fact, they do the opposite. They just highlight that you don't have any reasonable points to make, and are left relying on unfalsifiable and absurd claims.
What's exhausting is your analogy, drunk driving does in fact cause more problems than it solves. Make a reasonable point yourself first before saying I don't have one.
"Unnecessary" is a very strong word and even Go has a centralized module proxy nowadays. So there is an obvious benefit of centralization here, and you should explain what and how much is the overside to give it up.
Where did the request for namespaces on crates.io go? At the moment I have to investigate every crate someone recommends and its dependencies to avoid a possible future XZ situation (checking the GitHub, committers and if they have Linkedin profiles at legitimate companies). Having "mozilla/foo" or "rust-foundation/bar" would be a huge improvement.
Namespace is merely a workaround, not a solution. Arbitrary namespace prefix is still open for registration so it can be squatted just like package name. One essential part of the real solution would be sandboxing of build scripts.
yes but its hard to argue that if you've verified that you own say... somecompany.com that you shouldn't have control over the crates.io org for the same name.
There's really no reason for NPM or crates.io to exist.
Go got this right.