Hi On Sun, Nov 10, 2024 at 07:44:11PM +0100, Michael Niedermayer wrote: > Hi all > > On Sat, Nov 09, 2024 at 05:18:08PM +0100, Michael Niedermayer wrote: > > Hi all > > > > Should we disable git accounts for developers who have not been active since > > a long time (like 10 years) ? > > > > (if these developers come back, the account would then be enabled again) > > but disabling such accounts may improve security (lots of "if" here but > > assuming they loose their key, assuming whoever gets hold of the key > > has interrest and ability to attack ffmpeg and and and, the risk here > > is likely low but not 0) > > I count currently 127 people with git write access > above suggestion would disable around 33 accounts. > > I cannot show the list because of GDPR > but the remaining 127-33 accounts are on this list: > git log --since 10.years --first-parent --pretty=fuller | grep '^Commit:' | > sort | uniq > > Note that above command will not produce a clean list. It requires manual > cleanup, "Commit:" is just a text field and not everything thats in that field > has or had a write account. But I cannot post peoples names or email addressed > > If i hear noone objecting to this (and there are already multiple people > in favor) then i will disable the 33 accounts in a few days
I have rechecked this situation and IIUC the GDPR has some exceptions for cases where its in teh public interrest. I think listing who has git write of a public project like FFmpeg is in the public interrest and that transparency weighs heavier So heres the list of people who will have git write access after dormant accounts are disabled. All the ones here where active in the last 10 years as a committer in FFmpeg. Noone is added, everyone from this list had access before mstorsjo ajacobs akhirnov cehoyos ngeorge thardin rdoeffinger rsbultje mniedermayer pross rpinochet ssabatini bcoudurier ahannula rpolla compn benoit philipl gbeauchesne ubitux beastd durandal daemon404 pasteeater wm4 jamrial lukaszm jzern andreasc timo rostislav nevcairiel claudio gramner cus thilo pedro arttu vesselin timothygu mattoliver rcombs mateo gajjanag kierank jamesdarnley tvolkert mfaiz rkern kswanson jkqxz josh pburt jansebechlebsky aconverse stevenliu mjbshaw bangnoise vittorio tobiasrapp agupta foo86 jeeb martinv jorge kjeyapal junzhao gyan pavel lizhong laurikasanen songruiling yejunguo hwren jluthra agelman arheinhardt lmwang linjiefu zanevi shutchinson haihao haasn zhilizhao leoizen pal courmisch lynne dmitrii nuomi bsmith feiwan ePirat marth64 (some people above have 2 keys, these duplciates where removed) I intend to wait a few more days before updating the list so people can review this. Mistakes are not impossible as i had to match these to teh emails from git by hand thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Those who are too smart to engage in politics are punished by being governed by those who are dumber. -- Plato
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
