
Founder of https://socket.dev here. We’re considering an alert like “Maintainer has engaged in sabotage behavior in the past” to cover cases like colors, node-ipc, event-source-polyfill.



It's sad watching OSS go from the carrot approach (GitHub stars, blog posts, etc.) to the stick approach (blacklisting developers).

If you insist on doing this, maybe try to answer a few of these questions first:

* How are you defining "sabotage"? And how do you reconcile the act of "sabotage" on a project with an MIT license: "AS IS, WITHOUT WARRANTY OF ANY KIND"?

* What are the rights of the accused? Is there a review / appeal process? A way to get your record expunged? Who will be the arbiters?

* Many minors contribute to OSS, what are their rights? And what age is a minor? How will you verify age?

* How long does this "black mark" last once "convicted"?

* How are you going to differentiate between a bug, an intentional breaking change, activism, sabotage, malware, etc.? And will it make a difference if it's in the test suite? In non-breaking functionality? In undocumented functionality? In documented functionality? Or if it affects a minority of users vs. all users?

* What's your tolerance for jokes, easter eggs, etc. that intentionally or unintentionally cause mischief / unexpected results?

* What's your stance on maintainers that refuse to remove or revert code committed by other developers that you consider "sabotage"? Will the entire project team be flagged as "sympathizers"? Or will everyone but the author of the offending commit get a pass?

* How do you disambiguate between developers, through their birth name or username? What happens if a "blacklisted" developer changes their username or creates a new one?

Lots more questions, but if you proceed, I hope it is done with a firm understanding of history. Joe McCarthy (https://en.wikipedia.org/wiki/Joseph_McCarthy) famously tried to stamp out communism with a list of "subversive" individuals. The blacklist ultimately became a way to intimidate and control, because it had no safeguards, no transparent criteria, no neutral arbiters, no compassion, no due process, etc.



