I thought this comment was strange at the end of Catfriend1’s post:
> I’ll review the progress from time to time and if I find anything malicious going on, I’ll let you know here.
That’s absolutely not something you say when you trust the person you’re handing things over to :s
Trust is not transitive, nor should it be. We (the users) trust the previous maintainer. They trust the new one. We don't (naturally). The old maintainer says they'll review the new one's work, so we'll have trust the old maintainer (mostly).
Not that the whole trust system can't improve in various ways in general. But for now we have to trust someone.
The statement didn’t seem reassuring.
It’d have been reassuring to hear something like “This person has been a committer for X period, and has demonstrated Y and Z.”
> They trust the new one.
Well my point is it doesn’t sound like they actually do trust the new maintainer. Maybe just poor choice of words, but it didn’t fill me with confidence.
Although I agree if the new maintainer had some creds, it would've been better to use them in a similar reassurance like in your example. But it's hard to really vouch for someone, even if they've made X commits for the past Y years, etc.. Lots of examples here.
If it's still a random/(pseudo-anonymous) account you're trusting, unless there have been some real life appearances or if it's an account that's been proving itself for years, you can only trust them so much.
Basically I agree the message could be interpreted as "I don't trust them, so I'll be on the lookout for anything malicious", but, honestly, at first I just read it as "I trust it, but you can't really trust anyone, so I'll still be on the lookout".