Track unmaintained crates.

[dpc]

Shamelessly copying what RustSec is doing, can't hurt. rustsec/advisory-db#134

The question is - can we reuse existing issues system for that, with some convention, or do we need any additional primitives?

[dpc]

Maybe we can just make the version field optional. Without version the review would be for the whole package. There the reviewer can just put any cries or praises for the package as a whole, not just particular version. Some additional keys might be useful to mark common problems: lack of maintainers, obsoleted, etc.

[BurntSushi]

I like the idea of reviews for whole packages. My only concern there is that praises (or criticisms) may become stale. I guess the timestamp would help alleviate that.

[dpc]

Timestamp is in all proofs by default, so we can tweak how it works once it become a problem, yes.

[dpc]

This has been implemented and cargo crev verify --show-all will display UM flag for crates that were reported as unmaintained.