On Sat, Nov 19, 2005 at 06:57:41PM +0100 or thereabouts, Danny van Dyk wrote:
> | There are no provisions for key management and I cannot see an easy way to
> | handle it. It's easy to add new keys, but how do we clean out old keys for
> | retired arch testers? (including arch testers that "retire" without ever
> | informing us) SSH doesn't log key ID as near as I can tell, so we have no
> | way of tracking what keys are used and how often. Also, how do we
> | definitively correlate an SSH key with an arch tester?
>
> Do we have to? Nobody has to track how often an Arch Tester uses RO
> access to CVS, as you don't need that information. RO CVS access is a
> service to the ATs. Their work is pretty much outside CVS...

Yes, we have to. If someone retires, their access needs to be revoked.

> | Now, the same question for email -- how do we manage aliases, especially
> | for inactive, retired and semi-retired arch testers? We could track usage
> | in logs, but between mailing list subscriptions, bugzilla notifications and
> | all sorts of other automated emails, that's not an accurate representation
> | of whether an email alias is actively used or not.
> Afaik the gentoo.org address is only a forward to their normal address,
> so one can hardly speak of 'active usage'. You simply can't actively use
> it! On the other hand, tracking down how active/inactive an AT/HT is
> falls under the project the AT/HT is associated with, or the AT/HT
> Project (hparker) as last resort. So if he says 'AT foo is inactive',
> he's to be removed from email forwarding and CVS RO Access. I really
> don't see the problem here.

Because, in practice, this doesn't happen. Accounts (or, in this case,
email addresses) stay around until someone gets enough of a bee under their
bonnet to do something about it. Since there's no pain or cost for the
AT/HT project lead, there's no reason for them to be vigilant about
tracking activity. Plus, assuming we have a large number of these testers,
how are people going to know whether or not one specific arch tester is
active? That's not an acceptable solution.

--kurt