I like @zimbatm’s view on this (at least as I understand it). What we really need in my opinion is
- a way to treat an empty maintainer list for a package similarly to a `broken` flag.
- a way to detect maintainers not doing their job. For example, if there is a PR or an issue about their package and they did not respond in any way ~1 month after being pinged, they are removed from the maintainer list.
That way we don’t have to reject anything based on a feeling that it may not properly be maintained. Users can opt out of unmaintained packages (and maybe that should be the default). Prospective users can see that it is unmaintained and pick up the mantle.
We’d also need to define clear boundaries of responsibility for library packages. When someone updates a library, in my opinion it is their responsibility to test all (if feasible) reverse dependencies. It would be nice of them to fix errors that pop up, but not a requirement. Instead, they could open a PR, flag the respective maintainers and give them reasonable time to get their packages working with the new library version.