Donald Stufft <donald <at> stufft.io> writes:
The problem with cruft is they make it more difficult to find things for end users who often times don't know what they are looking for. This is especially bad when you have a once popular library/tool for which the maintainer is no longer available. It's already a daunting task for someone to select a library that does something they need to do if they aren’t already familiar with the ecosystem. Adding "landmines" in the form of projects which look to solve
problem but where there is no-one to help them if they run into a bug or who can release a bug fix is fairly unfriendly.
It's unfriendly if you consider that it's PyPI's job to select packages for users. But it does not seem to be going in that direction (see e.g. the absence of ratings or comments, after a brief appearance).
Usually people get their recommendations through the community. If you want to help people through PyPI, you may want to add a friendly, non-scary warning to the PyPI pages of projects which haven't been updated for 24+ months.
Circling back to django-registration, we can see the extra confusion this can cause when a maintainer stops maintaining a popular package. You end up with a multitude of forks, each slightly incompatible and with different features, bugs, etc.
It's inherent to the problem of unmaintained packages. But why would PyPI have any authority over who steps over? PyPI does not have any legitimity to steer those projects. It's not even a controlled software distribution; it's just an index.