Hi all

On Sat, Nov 09, 2024 at 05:18:08PM +0100, Michael Niedermayer wrote:
> Hi all
> 
> Should we disable git accounts for developers who have not been active since
> a long time (like 10 years) ?
> 
> (if these developers come back, the account would then be enabled again)
> but disabling such accounts may improve security (lots of "if" here but
> assuming they loose their key, assuming whoever gets hold of the key
> has interrest and ability to attack ffmpeg and and and, the risk here
> is likely low but not 0)

I count currently 127 people with git write access
above suggestion would disable around 33 accounts.

I cannot show the list because of GDPR
but the remaining 127-33 accounts are on this list:
git log  --since 10.years --first-parent --pretty=fuller | grep '^Commit:' | 
sort | uniq

Note that above command will not produce a clean list. It requires manual
cleanup, "Commit:" is just a text field and not everything thats in that field
has or had a write account. But I cannot post peoples names or email addressed

If i hear noone objecting to this (and there are already multiple people
in favor) then i will disable the 33 accounts in a few days

Thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are too smart to engage in politics are punished by being
governed by those who are dumber. -- Plato 

Attachment: signature.asc
Description: PGP signature

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to