On Tue, 22 Dec 2020 at 21:40, Adam Williamson <adamw...@fedoraproject.org> wrote:
> that's 90 of the 251 who still have provenpackager privileges, but > haven't run any kind of Koji build since at least 2019-01-01 (if you > check, it turns out many of them haven't run a build since long before > then). Many of them, to my knowledge, don't work on Fedora at all any > more and haven't for years. At least one of them, to my and everyone > else's knowledge, is sadly dead and has been for some time. One account > - it's Greg Dekoenigsberg - somehow is in the FAS pp group but doesn't > exist in koji (any more?) > > Perhaps we need a process for cleaning up membership of this extremely > powerful group? If the FAS password of *any one* of those user accounts > were somehow compromised (or if just one of them decided they had a > grudge against Fedora now and were going to have some fun), the results > could be...unfortunate. > Security implications are one thing, but it's also unfortunate that these accounts (and related packages) exist in limbo. Would it perhaps make sense to extend/improve your script, run it once every half a year and contact the packagers to check with them whether they're still interested in Fedora? Best, Andy
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
