Le dim. 9 févr. 2025 à 20:43, Slawomir Jaranowski <s.jaranow...@gmail.com> a écrit :
> On Sun, 9 Feb 2025 at 13:34, Elliotte Rusty Harold <elh...@ibiblio.org> > wrote: > > > > On Sun, Feb 9, 2025 at 8:00 AM Slawomir Jaranowski > > <s.jaranow...@gmail.com> wrote: > > > > > We have a simple statistic > > > > https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-dist-tool/job/master/site/dist-tool-committers-stats.html > > > > > > To remove somebody we need a procedure for it. > > > > Great. I'm glad we already have the information we need. I see 72 > > committers and maybe 20% of those have been active in the last few > > years. I'm not sure what the technical procedure for removing > > committer privileges is. I don't have admin access on the github or > > svn repos. However as policy I propose: > > As I know we don't manage access rights separately for each service. > We can manage assignments to LDAP groups https://whimsy.apache.org/public/ > by whimsy service. > > > > > 1. Once a year, shortly after January 1, an admin manually removes > > committership from anyone who hasn't committed in the previous 4 > > years. For instance, right now we would revoke commitership from > > anyone whose last commit was in 2020 or earlier. The size of the task > > doesn't feel worth automating. > > > > 2. If a former committer notices they no longer have permissions and > > wants them back to do some work, they just have to ask here on dev@ > > and they will be regranted. They don't have to prove themselves worthy > > of committer privileges again. They've already done that. > > > > 3. Other privileges like issue filing and PMC voting remain in effect > > as these aren't especially risky. > > > > There might be other permissions like the ability to push to the > > website or control the mailing lists we should also lock down. I don't > > know exactly how that works, but if anyone does please speak up. > > > > To be clear, we're not banning anyone. We're simply being cautious > > about active permissions given the risk of compromised old accounts. > > With 72 committers some of whom haven't been heard from in over ten > > years, it's likely some of these accounts are effectively defunct. > > It's even possible some developers are deceased. > > > > Generally I agree - but we should start separate thread for discussion, > and finally finish by VOTE. > Sounds good to me. And we don't need a vote per committer, just listing the names in a single vote should be sufficient. If there's any problem with one of them, we cancel the vote, remove the ones that want to remain active or whatever the reason is, and restart one. At the same time (though, that's a slightly different discussion), I think we should also make PMC members that have not sent a single email or commit in 4 years, become emeritus. And the same applies, they can be reinstated with a simple demand. > > > -- > > Elliotte Rusty Harold > > elh...@ibiblio.org > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > > For additional commands, e-mail: dev-h...@maven.apache.org > > > > > -- > Sławomir Jaranowski > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > > -- ------------------------ Guillaume Nodet
