Hi, On another GNU mailing list, someone is writing:
Since I no longer work on <PACKAGE> I give you permission to remove my git server access (the key). If I ever change my mind about this, we can work out a new solution. Can you please check if I have any other privileged accounts or rights left in the infrastructure? Even though we have not used password based logins, I don't want to be a security liability with possible effects for myself and for you. I tend to agree that everyone who has write access to the repository poses a certain (small) security risk; the SSH private key might be compromised. Therefore it sounds like a reasonable security measure to revoke the write access for users who have been inactive for a certain time, say 4 years. Would you agree with that? The following people still have write access to the gnulib repository and have not done any commits in 4 years: Andreas Grünbacher Bruce Korb Ludovic Courtès Derek R. Price Eli Zaretskii Gary V. Vaughan Gerd Moellmann Sergey Poznyakoff Joel E. Denny Kamil Dudka Stefan Monnier Richard M. Stallman Ralf Wildenhues Stefano Lattarini I would like to emphasize that removal of write access would *not* be a disapproval of past work, nor related to lack of friendship. Just a security measure. What do you think? Bruno
