Policy for non-maintainer updates to aports
Several incidents make it clear we should create a policy around updates to packages to which the author is not the maintainer.
It should be clear for every developer what they can an cannot do. This is closely related to documenting the responsibilities of a maintainer.