policy for archiving unmaintained apps
See e.g. fdroiddata!13587 (comment 1530800951) & fdroiddata!13482 (merged)
IMO (and AFAIK we have agreement on this) most unmaintained apps should stay (as long as they work).
But we should have a policy for handling security-sensitive apps for which unmaintained means likely to be vulnerable, e.g.
- bitcoin wallets
- browsers
- (encrypted) messengers
- PDF readers
- VPNs
- ...
This is not meant to be an exhaustive list, just some examples (that may not always apply).
We should have a general policy and then leave it up to maintainers to decide individual cases.
In some cases these can still be useful but should be marked with KnownVuln
(e.g. a comic reader using outdated libraries might be fine for users not worried about malicious files); others should probably be archived (e.g. browsers, VPNs, wallets).