Quoting from related thread:
This leads me to thinking if we should reduce the core APIs to just "list versions" and "get version" and leave it up to individual registries to decide if/how they want to handle delete and publish. For instance, an implementation may want to require release tag for publish. As for delete, I understand that it's optional, but maybe we should just exclude it to avoid confusion.
In other words, I am suggesting that the proposal shouldn't define how registry adds package versions to its catalog. The registry's main purpose is to serve packages, and it learns about the packages (by extracting metadata from file(s) for example) that it has processed so it can provide information about them as well.