Re: removing permissions for long unused accounts, take 2

From: Jim Meyering
Subject: Re: removing permissions for long unused accounts, take 2
Date: Tue, 12 Jul 2022 23:22:30 -0700

On Tue, Jul 12, 2022 at 10:18 PM Bruno Haible <bruno@clisp.org> wrote:
> Hi,
> I started this topic in 2021, in [1]: a proposal to remove write
> permissions from accounts who haven't pushed in a long while.
> There was agreement [2] that contributors who had not directly pushed
> a commit in a year could be revoked the write permission.
> The discussion ended with the question who of the gnulib savannah
> admins wanted to do it.
> What has changed since then:
>   * The log4j incident in December 2021 and a couple of similar
>     incidents in the npm world have brought to everyone's attention
>     that software supply chain is critical.
>     As a reaction, the Linux Foundation has created a sub-foundation [3],
>     GitHub will make 2FA mandatory by the end of 2023 [4], and similar
>     moves are underway in the Ruby and Python communities [5].
> In GNU, Gnulib is probably, together with the Autotools, one of the
> most critical elements of the software supply chain. If a trojan/malware
> commit gets into Gnulib, we would have big trouble.
> Also:
>   * Since July 2021, I am co-maintainer of Gnulib, and one of the gnulib
>     savannah admins.
> Therefore I would now like to actually do it.
> OK to proceed?

Thanks for taking this on. Fine with me.
