Realistically, even package maintainers are not able to do it with 100% confidence that they do the right thing.
Yes. We’d need tooling to make it less error prone if it becomes common.
I have asked several times if there are people willing to do so.
If you’re willing to maintain it at least to the point of bumping dependency versions, then I guess it’s a question of getting someone to give you permission. If you’re not (which would be understandable given your other commitments), then it’s a question of finding someone who has time. There may not be anyone at the moment, in which case you’re back to asking whether you can at least do the minimum.
you do not see a possibility of any solutions of the kind I describe as half measures
I worry that they are much harder than the alternatives. Fundamentally this is a social issue, not a technical one.