Doesn't this bifurcate the namespace of literally every packaging system they are supporting, or are they requiring `@author/`-namespaced package names?

In the livestream he pokes around a github repo, sees it's one author, and decides that what makes it trustworthy? No GPG signing?

The new Actions support (about 50 minutes into the live stream) for auto-publishing from master is pretty sweet. From the very cursory demo, it seems very much like Gitlab's CI pipelines.

GitHub Actions are pretty neat. They were announced last year and I've started using them a few months ago.

You can sign up for the beta here: https://github.com/features/actions

Introduction: https://www.youtube.com/watch?v=_yPml1iTbmM

I'm a little bit anxious because the pricing has not yet been published. Both GitHub Actions and package registry will be free for public repositories but it is not yet known how much it will cost for private repositories after the beta.