@codyoss is the primary maintainer of oauth2, from what I've seen. Cody, what would you like to happen here?

@heschi I took some maintainer bits there to oversee the google subdirectory there where some of the core auth logic is for the google cloud client libraries. Other than that I don't really do anything there. I definitely don't look at the issue tracker today, nor have the bandwidth to do so.

The bottom of the README does say the issue tracker is used, though. So at least it was on purpose at some point when the repository was well maintained.

We have agreement in principle from @golang/security that issues should be shut down on that repo. Up to them to decide when and how to do it and I'll be happy to assist with GitHub changes.

In the meantime, to address

nor do approvers have access to clean them up

It would help to add team https://github.com/orgs/golang/teams/go-assignees as a collaborator at https://github.com/golang/oauth2/settings/access consistent with https://github.com/golang/go/wiki/GithubAccess

The poorly named "go-approvers" group is the set of people who can edit metadata on issues.

Makes sense to me. Done. If anyone objects I'll undo it.

https://dev.golang.org/owners records the primary x/oauth2 code owner as @bradfitz. Secondary owners are @rakyll @broady @shinfan @codyoss. The responsibilities of code owners aren't documented. It looks like reviews are automatically assigned to the primary owner.

There are many open reviews https://go-review.googlesource.com/q/project:oauth2+status:open but the code owners are inactive:

Remove oauth2 owners inactive since 2021

Reviews are automatically assigned to owners , see #56402 (comment)

• https://go-review.googlesource.com/q/project:oauth2+reviewedby:cbro@golang.org inactive since 2021
• https://go-review.googlesource.com/q/project:oauth2+reviewedby:bradfitz@golang.org inactive since 2021

Where should proposals for x/oauth2 be opened? This isn't obvious from the readme. I think it has to be https://github.com/golang/go/issues so that the proposal isn't missed.

Yes.

@seankhliao given #61401 has been marked as duplicate is that an encouragement to re-open issues here? If yes: could we request individual issues to be migrated (rather than written again)? Should be straightforward using Github UI afaik.

I think issues should be disabled, and people can continue to use the main (go) issue tracker for bugs.

This should be done asap. After 5 years of coding Go and various issues and comments in that repo it didn't even occur to me that it was abandoned. What is missing to make this decision?

Minor, but it would be nice to set up a codereview.cfg in the oauth2 repo when this happens (example).

@andig (or anyone else), if you are interested in slightly nudging this issue along, you could consider sending a CL that adds a codereview.cfg there, but of course no worries if not interested in that.