On Tue, 22 Dec 2020 at 21:40, Adam Williamson <adamw...@fedoraproject.org>
wrote:

> that's 90 of the 251 who still have provenpackager privileges, but
> haven't run any kind of Koji build since at least 2019-01-01 (if you
> check, it turns out many of them haven't run a build since long before
> then). Many of them, to my knowledge, don't work on Fedora at all any
> more and haven't for years. At least one of them, to my and everyone
> else's knowledge, is sadly dead and has been for some time. One account
> - it's Greg Dekoenigsberg - somehow is in the FAS pp group but doesn't
> exist in koji (any more?)
>
> Perhaps we need a process for cleaning up membership of this extremely
> powerful group? If the FAS password of *any one* of those user accounts
> were somehow compromised (or if just one of them decided they had a
> grudge against Fedora now and were going to have some fun), the results
> could be...unfortunate.
>

Security implications are one thing, but it's also unfortunate that these
accounts (and related packages) exist in limbo.
Would it perhaps make sense to extend/improve your script, run it once
every half a year and contact the packagers to check with them whether
they're still interested in Fedora?

Best,
Andy
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Reply via email to