The problem with this is that there can be no “authoritative” source for such judgments, because what is “strong” vs. “weak” depends on a number of factors which will differ widely from one use-case to another (as explained here and here). What is “strong” for one set of credentials will always be “weak” for another set of credentials (and vice versa) — it’s a fool’s errand (or as @bit had put it in the entropy meter thread, it’s “security theatre”).
But if we are required to choose between two evils (arbitrary lower bounds in the generator vs. arbitrary warnings about “weak” passwords), I suppose I would prefer the arbitrary warnings (especially if they can be disabled with an option to “don’t warn me again”).