On Wed, 2022-02-16 at 11:21 -0500, Stephen Snow wrote: > Hello, > I don't mean to jump in the midle here, and I am just tossing out an > idea for consideration that doesn't address security issues pointed out > really, but does discuss the non-responsive main maintainer. > I note there is a difficulty in defining the criteria for determining > when an (apparently) inactive packager should be removed from the > packager group. Perhaps a different POV is required. What is the > problem trying to be solved? Removal of inactive packagers? Or the > demotion of said packager in favour for the one(s) who are supporting > the package to be promoted to main.
The former. The main issue here is a security concern: that the accounts of dormant packagers could be taken over and used for evil. So just shuffling the deckchairs of whether someone is a 'primary' or 'co' maintainer on a given package doesn't help. As long as they are allowed to submit official builds of the package, the problem remains. -- Adam Williamson Fedora QA IRC: adamw | Twitter: adamw_ha https://www.happyassassin.net _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
