[mxhwll]

Great question jotaen. For our ITN we do indeed require the open source to be in a package manager. We support 6 package managers at launch including npm, pypi, gem, brew and apt.

We intend to aggressively expand this (I have soft spot for Swift) but also have plans for eventually decentralizing this properly relying only on release tarballs that can be signed proving attachment to the wallets registered with the tea protocol.

I'm fully aware just how much amazing open source is outside package managers but we really believe in doing this problem well and that also meant limiting ourselves at the outset to established and reputable third party data.