On Tue, Dec 22, 2020 at 01:39:26PM -0800, Adam Williamson wrote:
On Tue, 2020-12-22 at 13:23 -0800, Kevin Fenzi wrote:
>
> > Perhaps we need a process for cleaning up membership of this extremely
> > powerful group? If the FAS password of *any one* of those user accounts
> > were somehow compromised (or if just one of them decided they had a
> > grudge against Fedora now and were going to have some fun), the results
> > could be...unfortunate.
>
> Oh look, flashback 13 years:
>
>
https://fedoraproject.org/wiki/User:JesseKeating/AutomatedMIAProposal?rd=...
>
> Anyhow, I was in favor of something then, but it got shouted down, and I
> am still in favor now of some kind of checkin process. I think it should
> be light weight tho... always being bothered is bad. On the other hand
> it's hard to know how to notify people. If you send email once a week
> for 4 weeks and get no answer does that mean they are missing? Or that
> your email is going to the spam folder? Or that they are on a long
> vacation not checking email? It's hard to balance.
So that proposal was just for all packagers. I think it should at least
be reasonable to set a relatively high bar for being a provenpackager.
Proven packagers really should be people who are deeply involved in
Fedora work on a daily basis, I think, and so should be able to respond
to a regular check-in process like this or the one bcotton proposed.
And the result would only be that they'd lose provenpackager
privileges, which could quite easily be restored if it turned out
they'd just gone on a yak farming retreat for a bit or something.
The fedora-active-user script also checks the last date/time the user logged
into FAS (I should check how that'll work with noggin).
This could be re-used here and a simple mechanism to opt-out of the procedure
once initiated.
Pierre