Debian developers go through a long step-by-step process to get in that position. Volunteering as a package maintainer first, getting a Debian dev to advocate for you, cross-checking people's passports, doing interviews/exams to become a DD.
DDs review the libraries they package. All uploads are personally signed to keep people accountable.
Instead, opening a GitHub account and developing a library can be done anonymously, and there have been supply chain attacks done this way.