The package automation scripts aren't as good as they could be.
Essentially we're dealing with templated files, and a single YAML file.
As an example, we don't attempt to do any real discovery on the tarballs we fetch apart from version/hash.
We have super basic detection of build types, but this is highly restrictive.
We also don't fetch the description/summary from known files such as the .egg-info inside PyPI packages.
New Go based tools to improve this situation, with full scanners and license detection, etc.