Hacker News

> It's everyone's free choice whether they're willing to put their code out there and whether they're willing to actively maintain it for free once it's out there.

Literally not according to you. One 'git push origin master' and our contributor has signed up to your requirements.

Dominic made no promises to anyone -- he offered the world something and said they could use it if they wanted. Full stop.




> One 'git push origin master' and our contributor has signed up to your requirements.

I made no such claim. Did you read what I actually wrote?

> Dominic made no promises to anyone

Not by putting his code up on github, no. But that's not all he did.


> > Dominic made no promises to anyone

> Not by putting his code up on github, no. But that's not all he did.

I don’t see how putting your code on npm is fundamentally any different.

No one is entitled to free maintenance of gratis software forever, just because someone once said “npm publish”.

That’s not how open source works. It works by people contributing and getting involved, as opposed to entitled freeloading.


> No one is entitled to free maintenance of gratis software forever, just because someone once said “npm publish”.

I have made no such claim. If he didn't want to maintain it any more, he could have said "npm deprecate" and that would have been fine.

What's not fine is to say "npm publish", then actively maintain the software for years, then decide you don't want to any more (which, in itself, is fine, it's your choice how much effort you want to put in), but not tell anyone, not deprecate, not send any signal that you have changed your commitment to the package--and then hand over publish rights to some random person who emails you, also without telling anyone.

If you think that is fine, then, as I said several posts upthread in response to another poster, you've basically said no developers should ever trust npm, because people who say "npm publish" are making no commitment whatever, not even to say "npm deprecate" if they don't want to maintain the package any more, or to tell anyone if they decide to hand maintenance over to some other random person. That is not how open source works.


> you've basically said no developers should ever trust npm

Nobody should. At least not blindly. You should check what updates are and who made them. On every update.

Anything else is irresponsible and your own god damn fault when things go wrong.

> That is not how open source works.

npm is a proprietary package-repo and has nothing to do with how open source works. You can also easily publish proprietary packages using npm.


> Nobody should.

Ok, thanks for putting everyone on notice.

> npm is a proprietary package-repo and has nothing to do with how open source works.

So event-stream is not open source?



