+1 to the general principle, but -1 to the number for retaining access (possibly even the principle behing needing to retain access, though I’m not sure about it overall). I’m one of those infrequent committers, because I no longer work in a team that actively contributes to LLVM - I think in the past 2-3 years, I’ve made single figure numbers of commits, mostly to update things like coding standards. However, I do regularly contribute in other ways (reviewing and on Discourse). As the areas I review semi-frequently attract new contributors and I’m one of the very few contributors to actually review this code who otherwise doesn’t have a direct stake in the progress of the PR (i.e. I’m not in the same team/trying to bring up the same file format etc), it’s important for me to be able to merge other people’s changes. If I lose committ access, I’ll not be able to do that, stalling progress of these new contributors until I shout loud enough that somebody able to comes along to press the button.
As of this past week, GitHub requires 2FA for anything non-trivial, so I expect (but haven’t tried) you won’t be able to push/merge new commits without 2FA enabled. I haven’t looked into this in any more detail though. so it’s possible there are lots of caveats/different roll-out times/etc.