The grand vision would be: if a maintainer got severely hurt, sick, or died, GitHub, npm (or whatever platform) would be able to grant access to a trusted person² who is capable of keeping things afloat until someone else (or a company/org) can completely take over.
Security.txt has an RFC; not sure if that would be necessary, although I always wanted to help write an RFC.
So I ask you, fellow sustainers, is this a road worth going down?
¹ not sure if that is the name we are keeping yet
² not everyone has a GitHub or npm account; I know, hard to believe, but it’s true.