I stumbled across four kinds of abandoned crates:
- No Updates. These were made quite a while ago and the author(s) has lost intrest. These crates are fine and if they are (still) usefull, will find a new maintainer. Usally the original author ist still somewhat around and transfers the project to somebody else or gives them enough access.
- No Source. The author(s) accounts are deleted or the source code hosting disappeared. Maybe if the project was popular enough, somebody may have a public clone somewhere.
- Reserved crates. Somebody reserved a name, but over a year later there is still no real release. Worst case scenario, the authors account is no longer available.
- Old dependency. Some (very) nested crate is abandoned, but the dependend crates are still active.
So I have some questions from both scenarios:
1.1 Is it currently a problem if an maintainer does not respond? 1.2 Does crates.io transfer ownership if requested or do we simply wait until “word spreads” about the new fork? 2.1 Has crates.io an old clone or copy of the source? 2.2 Will the code become public domain if the author has not left any mark inside the source? 2.3 Should the crate have a flag/category so a searching user can spot it? 2.4 Or even look for a project to take over? 3.1 Will the slot be freed? 3.2 If somebody would like to take the slot, can it be transfered? 4.1 Should cargo or a plugin for it warn the user about the old dependency? Sometimes old code is just done and needs no update (e.g. hardware dependent acceleration code).