Restricted membership isn't a problem, if you make a person a member of a team, then the admin(s) trust them to do an upload. The 5-a-day group is example case:
There are roughly 150-ish users on it. Anyone can register an account, join this team, add a GPG key, upload replacing the existing package with a malicious command, and quite possibly screw users over. Granted, you could put the PPA in a separate team, but having PPAs on teams with open membership seems kinda dangerous ...
Restricted membership isn't a problem, if you make a person a member of a team, then the admin(s) trust them to do an upload. The 5-a-day group is example case:
https:/ /edge.launchpad .net/~5- a-day/+ archive
There are roughly 150-ish users on it. Anyone can register an account, join this team, add a GPG key, upload replacing the existing package with a malicious command, and quite possibly screw users over. Granted, you could put the PPA in a separate team, but having PPAs on teams with open membership seems kinda dangerous ...