Handling of inactive Debian Accounts

Posted by Scott_Ruecker on Jul 13, 2007 5:55 PM EDT
Debian.org; By Joerg Jaspert
Mail this story
Print this story

We are currently reviewing the debian.org account database and checking a list of developer accounts that *appear* to be inactive. The purpose of this review is simply to minimize the number of live but unused debian.org accounts since they (in sufficient numbers) are an active security concern. It's _not_ intended as a judgment or criticism of contributions to Debian made by those who may end up on our radar.

We are currently reviewing the debian.org account database and
checking a list of developer accounts that *appear* to be inactive.  The
purpose of this review is simply to minimise the number of live but
unused debian.org accounts since they (in sufficent numbers) are an
active security concern.  It's _not_ intended as a judgement or
criticism of contributions to Debian made by those who may end up on
our radar.

Individual developers will receive such a maintainer ping if one or more of the following criteria apply to them. We recognise that these criteria might also apply to active developers. If this applies to you, please don't panic, just read on, the first action/response below is for you.

Possible reasons someone might receive such a maintainer ping ------------------------------------------------------------

- Didn't vote in the last DPL election As announced[1] in February, we used the list of people who didn't vote in the most recent DPL vote as one input.

- No package upload seen in the last 6 months The archive database doesn't have a record of any uploads signed by the developer's GPG key within the last 6 months.

- No package in the archive Looking at the archive database again, we did not find any packages that are maintained by this developer.

Future runs will also include: - Listed in the MIA database Listed in the MIA team's database as MIA. This usually should be covered by one of the two above points already, but in case an orphaning takes longer, it should get us additional input.

What to do when you receive such a maintainer ping? --------------------------------------------------

* If you're still active

Simply send a reply to the ping, signed with your GPG key, telling us that you are still active. If you do this, nothing will happen to your account. We'd appreciate it if you could include a short list of things you do within/for Debian so that we can enhance our scripts for future checks.

* If you're no longer active

Please reply to the mail and confirm the inactive status of your account, effectively resigning from Debian. This will set your account to the "Emeritus" state, which means that it is disabled and your key will be moved into the emeritus keyring. Your debian.org mail will continue to work for 6 months before it is disabled, so you have time to move mail handling elsewhere in case you are still using the address.

Should you decide to come back to Debian later on, you do not need to go through the full New-Maintainer process. There is a very simplified and short "emeritus-checkup" available.

* If we get no reply or a bounce In case we do not receive a reply within 2 months or your email address bounces (and other attempts to reach you have failed), your account will be set to the "Removed" state. This means it will be disabled and the key will be moved into the removed keyring, debian.org mail forwarding will stop working immediately, and a full New-Maintainer process will be required in order to get back into Debian.



Numbers and self-disabled mail -----------------------------

The first maintainer ping will include around 400 Developers, which is a lot. We plan to have more regular runs in the future, possibly every 4 months, so we do not have such a large number of pings in the future.

During the preparation of this maintainer ping, we found a few accounts that may have disabled their debian.org mail handling via the appropriate settings in our LDAP[2]. While this is fine, we would like to ask you to include information about different means of contacting you in your message. A good example is "disabled, use foo at bar dot net", less good is "disabled, try googling for me". In case you do not want to include such information please consider mailing [e-mail:da-manager@debian.org] with the required information, and we will make sure the mail gets sent to the alternative address if you ever end up in such a ping. After all, we do not want to disable active accounts. :)



[1] http://lists.debian.org/debian-devel-announce/2007/02/msg00008.html [2] http://lists.debian.org/debian-devel-announce/2006/12/msg00010.html

bye Joerg gender is something i'll never really get either (hmm, that looks bad out of context)

  Nav
» Read more about: Story Type: News Story; Groups: Debian

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.