Ineiev <ine...@gnu.org> writes: > On Thu, Mar 14, 2019 at 12:43:13AM -0400, John Sullivan wrote: >> >> What are the benefits to removing inactive accounts? >> >> I named one, which is security. > > I don't think I understand the threats in question very well. >
I am not the expert on Savannah's specifics here, but in general two security risks from old accounts are: 1) people re-use passwords and usernames on multiple sites. The impact of any breach is magnified by the number of accounts; so it is a needless risk magnifier to have lots of old unused accounts around 2) old abandoned accounts that have commit or other kinds of access pose increased security risks to the projects themselves, because it tends to be true that their credentials are not as well protected by their original owners -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B https://status.fsf.org/johns | https://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <https://my.fsf.org/join>.
