Once you register a namespace it is yours, even if you delete all releases, all other uploaders are "unauthorized"

It takes human intervention to make someone elses upload "authorized"

That's why I wrote "an extra step of giving up primary/co-maintainer status"..... once the original author makes the namespace available again, it's back to free for all: any other PAUSE author (malicious or not) can theoretically upload to the same namespace and spread malware or compromise users' systems via module update. It's easy to register a PAUSE account.

IIRC (i'm not 100%) but it doesn't work like that, if you give up ownership, it still takes manual action by PAUSE administrators/moderators to grant somebody else ownership, unless you're giving it up to a co-maintainer, in which case ... you trusted the team once yeah, so :p

I happen to use two PAUSE ID's (old and new) and for the past 1.5 years have been uploading (using the new account) distributions that were once uploaded using the old account.

Haven't specifically looked into it, but I admit in my experience it's a bit weird sometimes. Sometimes (1) I just need to delete my distribution on the old account, wait a few minutes (not even need to wait 72 hours), and then the related packages would automatically be free and when I upload the distribution using the new account, I get "first-come" again. But sometimes (2) I do have to go to Change Permissions page from my old PAUSE account and explicitly give up primary maintainership before my new distribution on my new PAUSE account gets indexed.

Perhaps in the case of (1), the PAUSE admin was behind it?