Re: removing permissions for long unused accounts?

From: Paul Eggert
Subject: Re: removing permissions for long unused accounts?
Date: Mon, 22 Feb 2021 15:51:49 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1

On 2/21/21 10:20 AM, Bruno Haible wrote:
> it sounds like a reasonable security measure
> to revoke the write access for users who have been inactive for a
> certain time, say 4 years.

That sounds reasonable, for people inactive on the GNU project. However, Sergey (for example) has contributed to GNU Tar within the past 4 years. If his keys are exposed we have a significant security issue in the GNU project anyway and it's not clear how much extra security we would buy by removing him from the Gnulib list. So combining the other suggestions, how about if we remove people who haven't contributed in a year to any GNU project?

Also, by "active" do we mean "authored a patch", "committed a patch", or "pushed a commit to Savannah"? I assume pushing is what counts. Dunno if that's easily measured, though.
