I’d like to suggest a third direction. This is inspired by our experience on pyca/cryptography where we often get bug reports saying “you refuse to parse this certificate, which while technically invalid was issued by [some widely used device or CA]”. And the answer we’ve come up with is:
In general, we will accept PRs that work around these kinds of issues, provided they are small, localized, and generally aren’t too awful. BUT, before we’ll merge the PR, someone needs to complain to the third party and make sure they are aware of the issue and have given some indication that they’ll do something about it. And any workaround we accept will be time limited in some way (i.e., we’ll remove the workaround in a few releases).
This tries to preserve a balance between giving users a decent OOTB experience, while also not letting large firms simply externalize their bizarre issues onto OSS projects.