On Tue, 2020-12-22 at 13:23 -0800, Kevin Fenzi wrote:
> Perhaps we need a process for cleaning up membership of this extremely
> powerful group? If the FAS password of *any one* of those user accounts
> were somehow compromised (or if just one of them decided they had a
> grudge against Fedora now and were going to have some fun), the results
> could be...unfortunate.
Oh look, flashback 13 years:
https://fedoraproject.org/wiki/User:JesseKeating/AutomatedMIAProposal?rd=...
Anyhow, I was in favor of something then, but it got shouted down, and I
am still in favor now of some kind of checkin process. I think it should
be light weight tho... always being bothered is bad. On the other hand
it's hard to know how to notify people. If you send email once a week
for 4 weeks and get no answer does that mean they are missing? Or that
your email is going to the spam folder? Or that they are on a long
vacation not checking email? It's hard to balance.
So that proposal was just for all packagers. I think it should at least
be reasonable to set a relatively high bar for being a provenpackager.
Proven packagers really should be people who are deeply involved in
Fedora work on a daily basis, I think, and so should be able to respond
to a regular check-in process like this or the one bcotton proposed.
And the result would only be that they'd lose provenpackager
privileges, which could quite easily be restored if it turned out
they'd just gone on a yak farming retreat for a bit or something.
--
Adam Williamson
Fedora QA
IRC: adamw | Twitter: adamw_ha
https://www.happyassassin.net