While I agree that this is a good idea, I have one note of caution:
What's to stop someone adding a malicious package which did something
like ‘Provides: glibc’ and subsequently infects everyone's machine?
I think we'd want to consider the security implications of accepting
packages after only automated review.
I agree. I think a pair of human eyes will have to look at package submissions at least until we have a sufficiently advanced FPC AI to do it ;)
However, I think using automated checks for existing packages would be a nice thing (although fedora-review isn't suited to do that right now, and is out of sync with current guidelines).
Fabio