I was just thinking about this yesterday when merging some retroactively added upper bounds into the registry. When we introduced required upper bounds for packages some people were really upset about it (even thought it was just optional!) (see Please be mindful of version bounds and semantic versioning when tagging your packages). Since then there have been mostly silence, and AFAIK this has not been a problem in practice. Most “complaints” is rather about old versions that have no bounds and claim compatibility with everything and we have to retroactively put constraints on them.
The main problem right now seems to be that people release breaking (as in Pkg consider them breaking) versions without any breaking code. This requires maintainers of packages that depend on said package to bump their compat, bump the patch version and re-release, which is not that difficult, takes about 10 seconds (plus maybe running tests to verify that the non-breaking breaking version was not actually non-breaking).
If all maintainers of a package goes MIA it can always be solved in other ways as Tim says.