I thought this comment was strange at the end of Catfriend1’s post:
> I’ll review the progress from time to time and if I find anything malicious going on, I’ll let you know here.
That’s absolutely not something you say when you trust the person you’re handing things over to :s
Trust is not transitive, nor should it be. We (the users) trust the previous maintainer. They trust the new one. We don't (naturally). The old maintainer says they'll review the new one's work, so we'll have trust the old maintainer (mostly).
Not that the whole trust system can't improve in various ways in general. But for now we have to trust someone.
The statement didn’t seem reassuring.
It’d have been reassuring to hear something like “This person has been a committer for X period, and has demonstrated Y and Z.”
> They trust the new one.
Well my point is it doesn’t sound like they actually do trust the new maintainer. Maybe just poor choice of words, but it didn’t fill me with confidence.
I suspect a lot of folks would be horrified at how typical the former maintainer’s approach to trust is in actual reality. It ends up being necessary because there are maybe a single digit number of people in the world who are willing to commit to long-term project maintenance (beyond their own pet peeves, anyways) at all, and with the general hostility towards compensating anyone for their work in software, it’s not like a maintainer can afford to hire and develop a protégé. This is how maintainership worked in CPAN for decades and, barring a culture shift towards paying project maintainers for their maintenance effort, it’s how it’s going to continue working in most projects as us maintainers grow tired and fade out.