by stavros 811 days ago
What if there's no joining process, and they contact a maintainer directly, and peer pressure them to hand over the project, and the maintainer does, and then they sneak a backdoor in some binary test files?

That scenario is exactly what PiVPN is avoiding by refusing to nominate a new maintainer and telling interested parties to fork--so what is your actual and concrete objection?

Fork the project. Earn your own trust.

> so what is your actual and concrete objection?

This:

> I wish people would put their projects in something like https://www.codeshelter.co so anyone who's interested can maintain them, instead of just killing them

So to me that says you want it both ways, for while I appreciate what the codeshelter folks are trying to do, it is a task that is going to turn out Sudden But Inevitable Betrayals. Instead of contacting a maintainer directly, they just look sufficiently polished that codeshelter says "yeah, sure, OK" and hands it over.

Forking the project and earning your own trust really is the safe path forward.