> In Maven anybody could publish a package that starts with "com.google".
I don't think that's the case. If you want to get on Maven Central (at least via SonaType OSS) you have to prove that you own an email address on the relevant domain.
If it's your own private package repository, then sure, but then that's not an issue for anybody else.
I don't think that's the case. If you want to get on Maven Central (at least via SonaType OSS) you have to prove that you own an email address on the relevant domain.
If it's your own private package repository, then sure, but then that's not an issue for anybody else.