On March 11, 2019 9:03:32 AM PDT, Ineiev <ine...@gnu.org> wrote: >On Sat, Mar 09, 2019 at 09:14:09AM -0800, John Sullivan wrote: >> >> Both make sense to me. Retaining old inactive data is a security risk >-- >> magnifies the impact of any database breach. > >I checked the records for <rms> as a datapoint. that account >has never been used in any trackers, and there was a period >of 6 years when essentially no group status for that account >was modified. of course, he did commit to VCS, but this is >considerably harder to check.
Yes, I'm sure we would need a whitelist for certain special accounts like RMS. That's not really a data point for anything else, is it?
