[bityard]

First I want to say that I love Debian. They have a great distro that is simple and quite frankly a joy to use, and manage to keep it all going on basically nothing but volunteer effort.

However, I do believe that in certain areas, they give too much freedom to package maintainers. The bar for being a package maintainer in Debian is relatively low, but once a package _has_ a maintainer--and barring any actual Debian policy violations--that person seems to have the final say in all decisions related to the package. Sometimes those decisions end up being controversial.

Your case is one example. Package maintainers ideally _should_ work with upstream authors, but are not required to because a LOT of upstream authors either cannot be reached, or actively refuse to be bothered by any downstream user. (The source tarball is linked on their home page and that's where their support ends!) I don't know what the solution is here, but there are probably improvements that could and should be made that don't require all upstream authors to subscribe to Debian development mailing lists.

[ak217]

Agreed. The intent is good, but there are recurring problems that arise because of insufficient communication between the distro package maintainers and upstream, insufficient domain experience, or both. I think the solution is to set stronger expectations about what kinds of customizations maintainers should be making (in general, fewer than they make today), how to communicate with upstream, and more code review.

[overfeed]

Users trust Debian (and in turn its maintainers) more than the upstream providers to keep the entire OS stable. Upstream, by definition, are likely to be OS-agnostic, only care about their package and perhaps their preferred dependencies.

Debian has earned that trust, and it's software update rules are battle-tested and well-understood.

[overfeed]

> The bar for being a package maintainer in Debian is relatively low

It's typically an unglamorous, demanding, unpaid, volunteer position a few rungs above volunteering at a soup kitchen or food bank. It's unsurprising that the bar is low.

It's also trivial for upstream maintainers to set up their own competing Debian package repos that entirely ignore Debian rules - Microsoft has one for VS Code.