Tom Lane wrote: > Kevin Kofler <kevin.kofler@xxxxxxxxx> writes: >> Another unfortunate side effect of that password expiration: mail to >> username@xxxxxxxxxxxxxxxxx bounces for those people who haven't renewed >> their password in time. This is also a security risk because it means >> people can commit bad things to their packages without them noticing. (I >> just got such a bounce for the commit message for a rebuild for broken >> dependencies.) > > Ick. Surely that's a flat-out bad idea, independently of what you think > of forced password changes. > > Mail should only be disabled for dead accounts, and an account that is > the maintainer of record for a live package had better not be considered > dead, even if its password is (temporarily?) expired. > So this one actually works both ways and we won't know unless the person reactivate their account which it is. If the person is actually gone, this has found that out for us and we can orphan their packages and begin the process of finding new owners for them. If the person is not actually gone then mail is bouncing as you say with all the problem you mention. -Toshio
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
