On Wed, 2020-12-23 at 00:49 +0000, Peter Robinson wrote:
> On Wed, Dec 23, 2020 at 12:37 AM Peter Robinson <pbrobinson@xxxxxxxxx> wrote:
> >
> > On Wed, Dec 23, 2020 at 12:20 AM Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> > >
> > > On Tue, Dec 22, 2020 at 11:22:17PM +0000, Peter Robinson wrote:
> > > > On Tue, Dec 22, 2020 at 11:02 PM Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> > > > >
> > > > > On Tue, Dec 22, 2020 at 10:29:11PM +0000, Peter Robinson wrote:
> > > > > >
> > > > > > I think whatever process is run at the point their account is
> > > > > > disabled should revoke all privileges, that's a fairly standard IT
> > > > > > security procedure.
> > > > >
> > > > > There's no process for packages/provenpackagers.
> > > > >
> > > > > We do have a process for infrastructure/sysadmins:
> > > > >
> > > > > https://docs.pagure.org/infra-docs/sysadmin-guide/sops/departing-admin.html
> > > > >
> > > > > But it only triggers when we _know_ someone isn't contributing anymore
> > > > > (they tell us, etc).
> > > >
> > > > How were the accounts disabled though? Is there a process for that or
> > > > how did that happen in this context?
> > >
> > > Accounts can be disabled two ways:
> > >
> > > 1. The user logs in and marks the account 'inactive'. To change this
> > > back to active they have to reset their password and log in again and
> > > change it back.
> > >
> > > 2. An admin can change users to 'disabled' where they cannot change that
> > > without intervention.
> >
> > In both cases all ACLs should be removed, if in the former they wish
> > to have whatever access back there can be a documented process to
> > file a ticket for it.
>
> Just to expand on this a little. Removing access from people that have
> left the project either because they've decided they're able to
> continue to contribute (option 1) or because something has triggered
> an admin process (option 2) isn't a slight on the person involved in
> any of this process and removing a well-earned ACL doesn't remove any
> of the contributions or the value they provided in the past.
>
> But we have to realise that inactive accounts may mean associated
> inactive email addresses or other things associated with a person
> which may be open to compromise as well and we need to protect the
> project as a whole as after all if a fellow contributor has moved on
> to better things account is used to compromise everything where does
> that leave us?
>
Maybe mandatory password/key rotation is an option? With your account
disabled after a grace period if the password is expired. We can start
with enforcing this for people who have membership in important groups
(e.g. provenpackager, sponsors).

-- 
Michel Alexandre Salim
profile: https://keyoxide.org/michel@xxxxxxxxxxxxxxx
chat via email: https://delta.chat/
GPG key: 5DCE 2E7E 9C3B 1CFF D335 C1D7 8B22 9D2F 7CCC 04F2
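A policy-as-code sketch of the two controls argued for in this thread: an account that goes inactive or disabled loses all its ACLs regardless of how it was disabled, and members of important groups whose password/key is past its rotation limit get a grace period and are then disabled. This is an added example, not code from Fedora's account system or from anyone on the thread; the rotation and grace periods, the account records, and the use of group membership as a stand-in for ACLs are all assumed or constructed.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date

# Policy knobs: assumed values for the example, not Fedora's settings.
ROTATION_DAYS = 365   # a credential must be rotated at least this often
GRACE_DAYS = 30       # once expired, warn for this long before disabling
# Groups for which rotation is enforced first; names taken from the thread,
# the real group names in any account system may differ.
SENSITIVE_GROUPS = {"provenpackager", "sponsors"}


@dataclass
class Account:
    name: str
    status: str                  # "active", "inactive" (self-marked) or "disabled" (admin)
    groups: set[str]             # group memberships standing in for ACLs
    credential_rotated_on: date  # last password/key rotation


@dataclass
class Action:
    kind: str    # "revoke_acls", "disable" or "warn"
    detail: str


def evaluate(accounts: list[Account], today: date) -> dict[str, list[Action]]:
    """Return the actions the policy requires, keyed by account; nothing is mutated."""
    actions: dict[str, list[Action]] = {}
    for acct in accounts:
        todo: list[Action] = []
        if acct.status in ("inactive", "disabled"):
            # Control 1: a disabled account keeps no privileges, whichever
            # path (self-marked inactive or admin-disabled) got it there.
            if acct.groups:
                todo.append(Action("revoke_acls", f"remove {sorted(acct.groups)}"))
        elif acct.groups & SENSITIVE_GROUPS:
            # Control 2: rotation is enforced only for sensitive-group members to start.
            age = (today - acct.credential_rotated_on).days
            overdue = age - ROTATION_DAYS
            if overdue > GRACE_DAYS:
                todo.append(Action("disable",
                                   f"credential {age} days old, {GRACE_DAYS}-day grace period lapsed"))
                todo.append(Action("revoke_acls", f"remove {sorted(acct.groups)}"))
            elif overdue > 0:
                todo.append(Action("warn",
                                   f"rotate within {GRACE_DAYS - overdue} days or the account is disabled"))
        if todo:
            actions[acct.name] = todo
    return actions


# Constructed sample data; "today" is fixed so the ages below are reproducible.
SAMPLE_TODAY = date(2020, 12, 23)
SAMPLE_ACCOUNTS = [
    Account("alice", "active", {"packager"}, date(2018, 1, 1)),                # no sensitive group: untouched
    Account("bob", "inactive", {"packager", "provenpackager"}, date(2020, 6, 1)),  # self-marked inactive
    Account("carol", "active", {"packager", "provenpackager"}, date(2019, 11, 1)),  # 418 days old: past grace
    Account("dave", "active", {"provenpackager"}, date(2019, 12, 1)),           # 388 days old: in grace
    Account("erin", "disabled", set(), date(2020, 1, 1)),                       # nothing left to revoke
]

if __name__ == "__main__":
    for name, todo in evaluate(SAMPLE_ACCOUNTS, SAMPLE_TODAY).items():
        for action in todo:
            print(f"{name}: {action.kind}: {action.detail}")
```

The evaluation is deliberately separated from enforcement: running it read-only against an account export gives a reviewable list of revocations and disables before anything is changed, which is also the shape a periodic audit job for the "we only find out when they tell us" gap would take.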