I hope more people do come on board of this discussion now!

I dont think that there should be a fixed percentage about how much one person is allowed to add.

"We need more relays ... but not from you! We don't reject your fingerprints because we don't think that you are malicious but we don't want you to add more relays just because!"

This sounds not very useful to me.

This might be something to consider if there would be that many relays that literally every circuit got its own relays but if that would be the case then it would be much more difficult for one single person to add so much bandwidth.

So far i think the best way is to reject fingerprints or a whole family once they do something provable malicious and in my opinion just adding more bandwidth than other people is not malicious.