| 1 |
On Fri, 21 Dec 2012 17:57:44 +0100 |
| 2 |
Diego Elio Pettenò <flameeyes@×××××××××.eu> wrote: |
| 3 |
|
| 4 |
> > If someone has at some point contributed to Gentoo then why not let |
| 5 |
> > them keep their user around, should they want to come back. Of |
| 6 |
> > course this doesn't work retroactively, but I think it would be a |
| 7 |
> > cool tip of the hat to current and future developers. |
| 8 |
> |
| 9 |
> ... the users generally are kept, and locked, but also one of the |
| 10 |
> things that is done is archiving their home directory on dev.g.o as |
| 11 |
> it might be taking quite an amount of space. |
| 12 |
|
| 13 |
|
| 14 |
At my day job I'm the retirer (or BOFH depending who you speak to). |
| 15 |
I'll describe mt process, maybe you fellows can use it. |
| 16 |
|
| 17 |
Retiring people is too much effort, reinstating them doubly so; we |
| 18 |
all have better things to do with our time. There's only 3 things that |
| 19 |
get you retired or remvoed: |
| 20 |
|
| 21 |
1. Resign from the company |
| 22 |
2. Dramatically change your entire job (like move from technical to |
| 23 |
sales) |
| 24 |
3. Prove I was wrong giving you access at all (i.e show a long history |
| 25 |
of stupid, or demonstrate malice) |
| 26 |
|
| 27 |
Most systems are Operations, so people who need access will do so at |
| 28 |
least once in 90 days to keep the account alive. If the account is not |
| 29 |
used in a 90 day period, it is parked (essentially "locked", but the |
| 30 |
user can unlock it by going to a specific web site and auth'ing using |
| 31 |
two-factor (password and hardware dongle) |
| 32 |
|
| 33 |
There's a small list of exceptions for people where 90 days does not |
| 34 |
apply, like for me. I need access to everything (I'm last call in any |
| 35 |
emergency) and most systems I rarely touch but I must not be locked out. |
| 36 |
|
| 37 |
What emerges out of this is the most security and ease for the smallest |
| 38 |
effort. Works for me :-) |
| 39 |
|
| 40 |
-- |
| 41 |
Alan McKinnon |
| 42 |
alan.mckinnon@×××××.com |
Archives