Hi

On Sun, Nov 10, 2024 at 07:44:11PM +0100, Michael Niedermayer wrote:
> Hi all
> 
> On Sat, Nov 09, 2024 at 05:18:08PM +0100, Michael Niedermayer wrote:
> > Hi all
> > 
> > Should we disable git accounts for developers who have not been active since
> > a long time (like 10 years) ?
> > 
> > (if these developers come back, the account would then be enabled again)
> > but disabling such accounts may improve security (lots of "if" here but
> > assuming they loose their key, assuming whoever gets hold of the key
> > has interrest and ability to attack ffmpeg and and and, the risk here
> > is likely low but not 0)
> 
> I count currently 127 people with git write access
> above suggestion would disable around 33 accounts.
> 
> I cannot show the list because of GDPR
> but the remaining 127-33 accounts are on this list:
> git log  --since 10.years --first-parent --pretty=fuller | grep '^Commit:' | 
> sort | uniq
> 
> Note that above command will not produce a clean list. It requires manual
> cleanup, "Commit:" is just a text field and not everything thats in that field
> has or had a write account. But I cannot post peoples names or email addressed
> 
> If i hear noone objecting to this (and there are already multiple people
> in favor) then i will disable the 33 accounts in a few days

I have rechecked this situation and IIUC the GDPR has some exceptions
for cases where its in teh public interrest. I think listing who has
git write of a public project like FFmpeg is in the public interrest
and that transparency weighs heavier

So heres the list of people who will have git write access after dormant
accounts are disabled. All the ones here where active in the last 10 years
as a committer in FFmpeg. Noone is added, everyone from this list had access
before

mstorsjo ajacobs akhirnov cehoyos ngeorge thardin rdoeffinger rsbultje 
mniedermayer pross rpinochet ssabatini bcoudurier ahannula rpolla compn benoit 
philipl gbeauchesne ubitux beastd durandal daemon404 pasteeater wm4 jamrial 
lukaszm jzern andreasc timo rostislav nevcairiel claudio gramner cus thilo 
pedro arttu vesselin timothygu mattoliver rcombs mateo gajjanag kierank 
jamesdarnley tvolkert mfaiz rkern kswanson jkqxz josh pburt jansebechlebsky 
aconverse stevenliu mjbshaw bangnoise vittorio tobiasrapp agupta foo86 jeeb 
martinv jorge kjeyapal junzhao gyan pavel lizhong laurikasanen songruiling 
yejunguo hwren jluthra agelman arheinhardt lmwang linjiefu zanevi shutchinson 
haihao haasn zhilizhao leoizen pal courmisch lynne dmitrii nuomi bsmith feiwan 
ePirat marth64

(some people above have 2 keys, these duplciates where removed)

I intend to wait a few more days before updating the list so people
can review this. Mistakes are not impossible as i had to match these
to teh emails from git by hand

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are too smart to engage in politics are punished by being
governed by those who are dumber. -- Plato 

Attachment: signature.asc
Description: PGP signature

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to