On Tue, Dec 22, 2020 at 12:39:56PM -0800, Adam Williamson wrote:
> A propos of some discussion of the Solarwinds news, it occurred to me
> to check how many proven packager accounts there are in FAS. There are
> 251, which seems like a lot. Then it occurred to me to check how many
> of them are inactive, so I wrote a little script:
> 
> ===
> 
> #!/usr/bin/python3
> 
> import getpass
> 
> from fedora.client.fas2 import AccountSystem
> from koji import ClientSession
> 
> username = input("FAS user name: ")
> password = getpass.getpass("FAS password: ")
> 
> acc = AccountSystem(username=username, password=password)
> pps = acc.group_members("provenpackager")
> 
> ks = ClientSession("https://koji.fedoraproject.org/kojihub")
> for pp in pps:
>     user = ks.getUser(pp["username"])
>     if not user:
>         print(f"{pp['username']} NON-EXISTENT IN KOJI")
>         continue
>     uid = user["id"]
>     if ks.listBuilds(userID=uid, createdAfter="2019-01-01 00:00:00"):
>         continue
>     print(pp["username"])

One thing missing there is the check if the account is still active in FAS. In
the case of Seth you'll see it has been disabled for a long time. So there is no
security risk with that account.


Pierre
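
Added example, not part of the original messages or of the quoted script: one way to combine the account-status check raised in the reply with the Koji build-activity check, so that disabled accounts are separated from dormant but still usable ones. The `status` field, its `"active"` value, and the `last_builds` mapping are assumptions for illustration; all sample data is constructed.

```python
from datetime import datetime

CUTOFF = datetime(2019, 1, 1)  # same cutoff date as the quoted script


def triage(members, last_builds, cutoff=CUTOFF):
    """Sort privileged-group members into review buckets.

    members:     list of dicts with "username" and, when known, "status"
                 (assumed field; "active" is assumed to mean login is allowed).
    last_builds: hypothetical mapping username -> datetime of the latest
                 build, or None for a build-system user with no builds.
                 A username missing from the mapping has no build-system user.
    """
    report = {"disabled": [], "no_koji_user": [], "dormant": [], "in_use": []}
    for member in members:
        name = member["username"]
        status = member.get("status")
        # Only an explicit non-active status counts as disabled; a record
        # with no status stays in the review buckets instead of being
        # silently treated as harmless.
        if status is not None and status != "active":
            report["disabled"].append(name)
        elif name not in last_builds:
            report["no_koji_user"].append(name)
        elif last_builds[name] is None or last_builds[name] < cutoff:
            # Still able to log in, but unused: the accounts worth reviewing.
            report["dormant"].append(name)
        else:
            report["in_use"].append(name)
    return report


# Constructed sample data (not real accounts).
SAMPLE_MEMBERS = [
    {"username": "alice", "status": "active"},
    {"username": "bob", "status": "inactive"},
    {"username": "carol", "status": "active"},
    {"username": "dave", "status": "active"},
    {"username": "erin"},  # status unknown
]
SAMPLE_BUILDS = {
    "alice": datetime(2020, 11, 3),
    "bob": None,
    "carol": datetime(2017, 5, 1),
    "erin": None,
}

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_MEMBERS, SAMPLE_BUILDS).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```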