<blockquote> We absolutely agree with the use case. PR people can not
be trusted with technical changes, and technical people
</blockquote>
Agreed, but we don't need all these custom permissions to adhere to that principle.
If we added a "publish" permission (or "admin_content"), then any site administrator could easily implement your policy at the package or site-wide level.
If we could arrive at a consensus on the standard permissions and their meanings (perhaps it's just: read, write, create, publish, delete, admin), maybe we could make it a 4.7 requirement that all package maintainers re-visit their modules and rework their permissions code (certainly some custom permissions will survive, but many will be unnecessary). Also, I'm still not sure of the best way to handle upgrades.
Personally, this is not a huge issue in that the current system isn't giving me any big headaches or anything. It just would be nice to see a cleaner and more consistent permissions model moving forward.
So, what's the next logical step? Who can actually decide on this?
