On Sun, Sep 4, 2022 at 3:48 PM Adam Williamson
<adamwill(a)fedoraproject.org> wrote:
Personally, once a year wouldn't be anywhere near frequent enough
to
trigger me to Do Something About It - it took me years to turn off
Bugzilla's "hey look you have needinfo bugs!" thing and I was getting
that every *day*. :P But I dunno about others.
At least you did not have to actively respond once a day in order
to keep your packaging status. If you did, I suspect you would
have figured out a different solution (and being required to
respond is what we are talking about here). I am not sure how
often a required response should be (and as you rightly say,
it can vary by person). While (putting my security hat on)
I would prefer security awareness training happen continuously
and constantly(*), a yearly refresher/revalidation seems to be
the industry norm, where one agrees, yet again, that they are
aware of, and agree to, their roles and responsibilities.
(*) And not due to repeated "You opened *what* email attachment?"