On 09/02/2022 08:03, Mattia Verga via devel wrote:
Just being paranoid here: do we have any policy / automatism for disabling "power" users (in packager group or like) which have been inactive for long time?
Some maintainers don't have recent commits or Koji builds because other Fedora contributors maintain their packages. Do you want to delete all these users from Fedora completely?
I think this is a very bad idea. We shouldn't offend people.
I'm no security expert, but an inactive user account may be hacked without noticing and if such account have powers like being in the packager group may inject bad things in the distribution.
That's why we have Bodhi. All updates must reach a positive karma threshold or remain in testing for 7 days.
Also, I don't remember such precedents in the entire history of Fedora.
Maybe a script could check user activities in src.fedoraproject.org and send a warning email if no activity is made in one year?
You don't need to be logged into src.fedoraproject.org or account.fedoraproject.org to maintain packages. You can simply make commits and send them to Bodhi using CLI tools.
-- Sincerely, Vitaly Zaitsev (vitaly@xxxxxxxxxxxxxx) _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
