Re: account system group deletions

["Mark O'Brien" <markobri@xxxxxxxxxx>]

Should there be an announcement or at least a ping of other group
managers just to make sure there are no objections? While unlikely,
I'm a little concerned that a rogue group manager could cause some
harm on their way out the door, for example.

I think a good solution for this would be needing +1s on the ticket from 

group members before it can be deleted, with a few possible exceptions 

of old groups with only 1 or 2 people in them.

> We now have 5 requests to remove various no longer used groups.
>
> I've enabled audit logging on our ipa01 instance, so we have audit logs
> (and I intend to back them up and keep them forever). So we can tell
> when a group was deleted by whom. We also have a db dump from fas2
> before the switchover where we can look at who was in what group or what
> created it.
>
> So, I would like to propose:
>
> * we will remove groups on request/ticket from a group manager.
> * we will not seek out groups to remove, as them being there doesn't
> really hurt anything.
>
> Thoughts?

Otherwise I think if we have the audit log then we should be free to 

delete the groups as needed. It will likely be a rare request in future, the

new account system has triggered a spring clean I think.

Mark

_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure