Gentoo Archives: gentoo-project

From: Raymond Jennings <shentino@×××××.com>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] How do you feel about non-contributing developers with commit access?
Date: Tue, 06 Nov 2018 13:07:30
In Reply to: [gentoo-project] How do you feel about non-contributing developers with commit access? by "Sam Jorna (wraeth)"
On Tue, Nov 6, 2018 at 1:16 AM Sam Jorna (wraeth) <wraeth@g.o> wrote:
> On 6/11/18 4:12 pm, Raymond Jennings wrote: > > From what I know, the undertakers project already has procedures in > > place for determining if a developer is inactive before they are > > retired, and I think the same procedures would apply just as easily > > I'm not quite sure what you mean here, and it's kind of the crux of the > question as I understand it - should $developer who appears inactive > based on $policy be forcibly retired. I'm suggesting $policy cater for > low commit frequency with no outstanding issues so long as they're > available (or reasonably devaway) and not detrimental to the distro.
By procedures I meant that the prospective retiree gets emailed a couple of times before they get reaped.
> > At the very least, once someone has passed muster with recruiters and > > whatnot they shouldn't have to do a heap of paperwork just to get back > > in. Maybe email once every few months to see if they're still > > responsive, and a quick check to make sure their SSH/GPG keys are > > still > > valid and that there are no technical issues, but I oppose any changes > > in one's status as a developer just on inactivity alone. > > I think this is also touching on another issue - re-recruitment of > previous developers. I agree with making sure things like keys are > up-to-date and there aren't any outstanding technical, maintenance, or > security issues, though. > > > If someone has proven they can contribute and be trusted they > > shouldn't be removed in my opinion. As long as they aren't slacking > > off or sabotaging the distro. Going AWOL /with/ outstanding work on > > your desk, such as open bugs against packages you maintain? That is > > more serious and should probably warrant attention from the > > undertakers. But just going quiet period? Not so much since their > > absence isn't hurting Gentoo. The question is: is their retention of > > access causing harm to gentoo or obstructing development? > > I don't think it's a question of obstructing development but of ensuring > there aren't any holes in security, such as retaining access for someone > that no-one's heard from and, as such, could have had anything happen, > including having passwords or keys stolen. > > I do think that gauging the difference between inactive and infrequent > is difficult, and don't really have any constructive suggestions on that > point as yet.
My suggestion is to attempt periodic contact, which if I read the docs is already the status quo as part of the retirement process.
> -- > Sam Jorna (wraeth) > GPG ID: 0xD6180C26 >