From: Paul Eggert
Subject: Re: removing permissions for long unused accounts?
Date: Mon, 22 Feb 2021 15:51:49 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1

On 2/21/21 10:20 AM, Bruno Haible wrote:
> it sounds like a reasonable security measure to revoke the write access for users who have been inactive for a certain time, say 4 years.

That sounds reasonable, for people inactive on the GNU project. However, Sergey (for example) has contributed to GNU Tar within the past 4 years. If his keys are exposed we have a significant security issue in the GNU project anyway and it's not clear how much extra security we would buy by removing him from the Gnulib list. So combining the other suggestions, how about if we remove people who haven't contributed in a year to any GNU project?
Also, by "active" do we mean "authored a patch", "committed a patch", or "pushed a commit to Savannah"? I assume pushing is what counts. Dunno if that's easily measured, though.