[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Handling of inactive Debian Accounts



Introduction
------------


We are currently reviewing the debian.org account database and
checking a list of developer accounts that *appear* to be inactive.  The
purpose of this review is simply to minimise the number of live but
unused debian.org accounts since they (in sufficent numbers) are an
active security concern.  It's _not_ intended as a judgement or
criticism of contributions to Debian made by those who may end up on
our radar.


Individual developers will receive such a maintainer ping if one or more
of the following criteria apply to them.  We recognise that these
criteria might also apply to active developers. If this applies to you,
please don't panic, just read on, the first action/response below is for
you.

Possible reasons someone might receive such a maintainer ping
-------------------------------------------------------------

 - Didn't vote in the last DPL election
     As announced[1] in February, we used the list of people who didn't
     vote in the most recent DPL vote as one input.

 - No package upload seen in the last 6 months
     The archive database doesn't have a record of any uploads signed by
     the developer's GPG key within the last 6 months.

 - No package in the archive
     Looking at the archive database again, we did not find any packages
     that are maintained by this developer.

Future runs will also include:
 - Listed in the MIA database
     Listed in the MIA team's database as MIA. This usually should be covered
     by one of the two above points already, but in case an orphaning
     takes longer, it should get us additional input.


What to do when you receive such a maintainer ping?
---------------------------------------------------

 * If you're still active

    Simply send a reply to the ping, signed with your GPG key,
    telling us that you are still active.  If you do this, nothing will
    happen to your account.  We'd appreciate it if you could include a
    short list of things you do within/for Debian so that we can
    enhance our scripts for future checks.

 * If you're no longer active

    Please reply to the mail and confirm the inactive status of your
    account, effectively resigning from Debian. This will set your
    account to the "Emeritus" state, which means that it is disabled
    and your key will be moved into the emeritus keyring. Your debian.org
    mail will continue to work for 6 months before it is disabled,
    so you have time to move mail handling elsewhere in case you are
    still using the address.

    Should you decide to come back to Debian later on, you do not need
    to go through the full New-Maintainer process. There is a very
    simplified and short "emeritus-checkup" available.

 * If we get no reply or a bounce
   
    In case we do not receive a reply within 2 months or your email
    address bounces (and other attempts to reach you have failed), your
    account will be set to the "Removed" state. This means it will be
    disabled and the key will be moved into the removed keyring,
    debian.org mail forwarding will stop working immediately, and a full
    New-Maintainer process will be required in order to get back into
    Debian.



Numbers and self-disabled mail
------------------------------

The first maintainer ping will include around 400 Developers, which is a
lot. We plan to have more regular runs in the future, possibly every 4
months, so we do not have such a large number of pings in the future.


During the preparation of this maintainer ping, we found a few accounts
that may have disabled their debian.org mail handling via the
appropriate settings in our LDAP[2]. While this is fine, we would like to
ask you to include information about different means of contacting you
in your message. A good example is "disabled, use foo at bar dot
net", less good is "disabled, try googling for me". In case you do not
want to include such information please consider mailing
da-manager@debian.org with the required information, and we will make sure
the mail gets sent to the alternative address if you ever end up
in such a ping. After all, we do not want to disable active accounts. :)



[1] http://lists.debian.org/debian-devel-announce/2007/02/msg00008.html
[2] http://lists.debian.org/debian-devel-announce/2006/12/msg00010.html

-- 
bye Joerg
<cryogen> gender is something i'll never really get either
<cryogen> (hmm, that looks bad out of context)

Attachment: pgpjVLPqfY7gl.pgp
Description: PGP signature


Reply to: