Allowing automatic claiming of ownership by a third party is extremely dangerous to the ecosystem. This sounds like a vulnerability that could be used to publish malicious code to repos that people are using but that are no longer maintained (event-stream->flatmap-stream, anyone?).