[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > > I think a mandatory requirement should simply be that any
  > > packages which go into non-GNU ELPA are hosted on an approved
  > > platform. We could point to a list of such hosting providers
  > > e.g. https://www.gnu.org/software/repo-criteria-evaluation.html
  > > and say Grade C or better only. .

  > There is no such requirement for GNU ELPA at the moment.

GNU ELPA packages are hosted inside GNU ELPA itself.  The package
developers update their packages inside GNU ELPA.

NonGNU ELPA will be quite different.  Packages will generally be
hosted elsewhere.  We won't insist that the developers do things
in the way we would consider acceptable in the GNU Project.