On Tue, Dec 22, 2020 at 11:02 PM Kevin Fenzi <kevin(a)scrye.com> wrote:
On Tue, Dec 22, 2020 at 10:29:11PM +0000, Peter Robinson wrote:
>
> I think what ever process is run at the point their account is
> disabled should revoke all privileges, that's a fairly standard IT
> security procedure.
There's no process for packages/provenpackagers.
We do have a process for infrastructure/sysadmins:
https://docs.pagure.org/infra-docs/sysadmin-guide/sops/departing-admin.html
But it only triggers when we _know_ someone isn't contributing anymore
(they tell us, etc).
How were the accounts disabled though? Is there a process for that or
how did that happen in this context?