On Tue, Dec 22, 2020 at 9:23 PM Kevin Fenzi <kevin@xxxxxxxxx> wrote: > > On Tue, Dec 22, 2020 at 12:39:56PM -0800, Adam Williamson wrote: > > A propos of some discussion of the Solarwinds news, it occurred to me > > to check how many proven packager accounts there are in FAS. There are > > 251, which seems like a lot. Then it occurred to me to check how many > > of them are inactive, so I wrote a little script: > > ...snip... > > > > > that's 90 of the 251 who still have provenpackager privileges, but > > haven't run any kind of Koji build since at least 2019-01-01 (if you > > check, it turns out many of them haven't run a build since long before > > then). Many of them, to my knowledge, don't work on Fedora at all any > > more and haven't for years. At least one of them, to my and everyone > > else's knowledge, is sadly dead and has been for some time. One account > > - it's Greg Dekoenigsberg - somehow is in the FAS pp group but doesn't > > exist in koji (any more?) > > Do note that some of these people have accounts and group memebership, > but their accounts in fas are disabled/inactive. I think what ever process is run at the point their account is disabled should revoke all privileges, that's a fairly standard IT security procedure. > > Perhaps we need a process for cleaning up membership of this extremely > > powerful group? If the FAS password of *any one* of those user accounts > > were somehow compromised (or if just one of them decided they had a > > grudge against Fedora now and were going to have some fun), the results > > could be...unfortunate. > > Oh look, flashback 13 years: > > https://fedoraproject.org/wiki/User:JesseKeating/AutomatedMIAProposal?rd=JesseKeating/AutomatedMIAProposal > > Anyhow, I was in favor of something then, but it got shouted down, and I > am still in favor now of some kind of checkin process. I think it should > be light weight tho... always being bothered is bad. On the other hand > it's hard to know how to notify people. If you send email once a week > for 4 weeks and get no answer does that mean they are missing? Or that > your email is going to the spam folder? Or that they are on a long > vacation not checking email? It's hard to balance. > > kevin > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
