Re: Maintainership, vanishing or absent maintainers (QA)
On Sun, 28 Mar 1999, Darren O. Benham wrote:
> On Sun, Mar 28, 1999 at 05:21:55PM -0700, Jason Gunthorpe wrote:
> > Eh? You can't be a Debian developer without an account on master, if Lars
> Sure you can. Lars is.
Ah, let us be a little more clear here.
If we move to using a central directory for developers then anyone not in
that directory is NOT a developer. In theory the primary pgp/gpg key ring
would be generated from entries in the direction, pgp verification of
uploads and votes would be done against the directory, login account
management and authentication would be done against the directory, etc.
If you are a developer now and you don't have an account then you will get
one when we have a directory or you will not be a developer. Simple as
> Sure, but they don't have to be master. There's the other queues that can
> be uploaded to.. technically, someone on the web team doesn't even need an
> account on va.debian as long as they have a cvs password..
Yes, I am aware of upload queues and CVS.. CVS is difficult to track
unfortunately :< The upload queues could be done with a timer like
mechanism that I described for the login process..
> > As for remembering passwords, you can always just re-enter the old one I
> > suppose.
> As long as it's allowed. The last time I had expiring passwords, they
> could not be the same.
I know that is the default, I think I'd disable that feature though..
We've got enough people now that we have to find some way to identify
inactive developers, or at some point we will have 1000 developers with
only 200 active and any vote will fail due to an impossible quarum!
This is a nice simple mechanism, a developer has to do one of these at
least once a year:
Login to master/va/faure/etc
Upload a package
Send a pgp signed email to some address
How does that sound? (quite a bit different then simple password aging :>)
If a developer does not do the above in a year and a month then their
developer status is suspended and they must do some procedure to
re-activate their developer status (what this procedure would be is
Just before the year mark an automated email could be sent, at the year
mark another could be sent and at the year and a month mark an automated
mail to -private could be sent (and theoretically all their packages
should magically become the property of debian-qa?)
Maybe after 2 years or so their information would be dropped from the
database and they would have to re-do the new-maintainer process?
How is that for some other ideas? [Times and numbers are subject to
adjustment of course]