On Sat, Feb 12, 2022 at 11:46 AM Vitaly Zaitsev via devel <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > On 09/02/2022 08:03, Mattia Verga via devel wrote: > > Just being paranoid here: do we have any policy / automatism for > > disabling "power" users (in packager group or like) which have been > > inactive for long time? > > Some maintainers don't have recent commits or Koji builds because other > Fedora contributors maintain their packages. Do you want to delete all > these users from Fedora completely? > > I think this is a very bad idea. We shouldn't offend people. > > > I'm no security expert, but an inactive user account may be hacked > > without noticing and if such account have powers like being in the > > packager group may inject bad things in the distribution. > > That's why we have Bodhi. All updates must reach a positive karma > threshold or remain in testing for 7 days. > > Also, I don't remember such precedents in the entire history of Fedora. > > > Maybe a > > script could check user activities in src.fedoraproject.org and send a > > warning email if no activity is made in one year? > > You don't need to be logged into src.fedoraproject.org or > account.fedoraproject.org to maintain packages. You can simply make > commits and send them to Bodhi using CLI tools. That's not true. You need to log in to src.fedoraproject.org at least *once* to get group memberships synced over (including "packager"). Without that, you can't push things to dist-git. So everybody who joined the packager group since pagure-dist-git has been a thing, and has pushed at least one commit, certainly needs to have logged in at src.fedoraproject.org at least *once*. Fabio _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
