“Community maintenance” is mostly a pipe dream, imo. Drive by contributions mess up the original design and no one really establishes deep expertise.
Agreed.
Security is a full-time job, and often a thankless one at that. So relying on “wandering minstrels” or “giggers” isn’t only impractical, it can give a false sense of security, as amusingly illustrated in this XKCD rendering (chosen by the maintainer of cryptonite and memory):
(source)
with the last/only security “minstrel” or “gigger” being some other random person in Nebraska.
That a full-time security taskforce for Haskell wasn’t available to take charge of cryptonite before it was forked is unfortunate: that is now history. But how many more times will that history be repeated:
memorymemoriamemoriammemorablememorandummemorabiliarememorative
⋮
until that taskforce is established?