Hi all,

Following recent supply chain incidents involving the AUR, I’d like to open a discussion regarding the current "open" submission model.

To better defend against supply chain attacks and reduce the maintenance burden caused by low-quality submissions, I am proposing a transition to a batch-based submission system. Instead of the current continuous influx, we could implement a scheduled intake:

- *Submission Windows:* New packages are submitted throughout the month but held in a pending state.
- *Designated Review Cycles:* Verification occurs on a fixed schedule (e.g., the first Sunday of each month).
- *Quality Filtering:* Packages are audited for security and adherence to AUR standards. Non-compliant packages are rejected with feedback, allowing maintainers to iterate and resubmit during the next window.

The goal is to create a mandatory "cool-down" and verification period that makes it significantly harder for malicious code to be distributed.

While this would be a significant shift in workflow, it seems like a necessary step to address the current security landscape. I am interested in hearing perspectives from the TUs and current maintainers on the feasibility of this approach and whether it aligns with our current infrastructure capabilities.

Best regards,
Amal Krishna