A propos of some discussion of the Solarwinds news, it occurred to me
to check how many proven packager accounts there are in FAS. There are
251, which seems like a lot. Then it occurred to me to check how many
of them are inactive, so I wrote a little script:
===
#!/usr/bin/python3
import getpass
from fedora.client.fas2 import AccountSystem
from koji import ClientSession
username = input("FAS user name: ")
password = getpass.getpass("FAS password: ")
acc = AccountSystem(username=username, password=password)
pps = acc.group_members("provenpackager")
ks = ClientSession("https://koji.fedoraproject.org/kojihub";)
for pp in pps:
user = ks.getUser(pp["username"])
if not user:
print(f"{pp['username']} NON-EXISTENT IN KOJI")
continue
uid = user["id"]
if ks.listBuilds(userID=uid, createdAfter="2019-01-01 00:00:00"):
continue
print(pp["username"])
===
Here is the list it produced:
alexl
alexlan
arg
athimm
atkac
bernie
bkabrda
bpepple
caillon
cebbert
chitlesh
cweyl
cwickert
davej
dbhole
dcbw
denis
dgregor
dsd
ecik
ensc
epienbro
fitzsim
gdk NON-EXISTENT IN KOJI
gemi
ianweller
iarnell
ilianaw
ishcherb
ivazquez
ixs
jcapik
jkeating
johnp
jpo
jreznik
jspaleta
jstanley
jsteffan
jwilson
kasal
katzj
kay
ke4qqq
kengert
kyle
kylev
laxathom
lennart
lmacken
lutter
markmc
mbarnes
mef
mjakubicek
mjg59
mmahut
mmaslano
mmcgrath
msrb
mstuchli
npmccallum
overholt
paragn
patches
pertusus
pjp
praveenp
pravins
rakesh
rkuska
rvokal
s4504kr
scop
sdake
sdz
skvidal
stahnma
steve
sundaram
thomasvs
toshio
tradej
tremble
tstclair
tuxbrewr
vakwetu
vicodan
willb
wolfy
that's 90 of the 251 who still have provenpackager privileges, but
haven't run any kind of Koji build since at least 2019-01-01 (if you
check, it turns out many of them haven't run a build since long before
then). Many of them, to my knowledge, don't work on Fedora at all any
more and haven't for years. At least one of them, to my and everyone
else's knowledge, is sadly dead and has been for some time. One account
- it's Greg Dekoenigsberg - somehow is in the FAS pp group but doesn't
exist in koji (any more?)
Perhaps we need a process for cleaning up membership of this extremely
powerful group? If the FAS password of *any one* of those user accounts
were somehow compromised (or if just one of them decided they had a
grudge against Fedora now and were going to have some fun), the results
could be...unfortunate.
--
Adam Williamson
Fedora QA
IRC: adamw | Twitter: adamw_ha
https://www.happyassassin.net
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
