| 1 |
On Tue, 2019-02-19 at 16:54 -0500, Alec Warner wrote: |
| 2 |
> > It seems like it would make far more sense to look at other direct |
| 3 |
> > measures of activity than how up-to-date their gpg key is in the |
| 4 |
> > keyservers. |
| 5 |
> > |
| 6 |
> |
| 7 |
> I'm bad at GPG. However, I believe updating my keys to adapt to the policy |
| 8 |
> took me about 30 minutes. Its required once every 12 months. |
| 9 |
> |
| 10 |
> Where should we set the bar here, if not "please contribute at least 30 |
| 11 |
> minutes every year to retain your developership." |
| 12 |
> |
| 13 |
|
| 14 |
There are a few problems here. |
| 15 |
|
| 16 |
Firstly, we have a fair share of developers who don't follow any news, |
| 17 |
and just do little Gentoo in their little corner. You need to find |
| 18 |
a way to communicate this new requirement to them. They will be |
| 19 |
probably outraged they have to do yet another thing to stay developers. |
| 20 |
|
| 21 |
Secondly, retiring developers is a nasty business. Imagine people who |
| 22 |
haven't done anything in N years, ignore retirement mail and then insult |
| 23 |
us that we didn't go out of our way to discover they've lost access to |
| 24 |
their Gentoo account years ago and never bothered to ask for reinstating |
| 25 |
it. Now imagine what we're going to get for dare trying to retire |
| 26 |
someone who ignored a few CAFF mails. Or retiring the same person after |
| 27 |
it ignored all the retirement mail. |
| 28 |
|
| 29 |
Thirdly, as I said, it introduces operation gaps. My original goal is |
| 30 |
to make it possible for users to mail devs anytime. It's not going to |
| 31 |
be nice to have gaps of one week between old signature expiring |
| 32 |
and developer getting around to publish a new one. Not to mention |
| 33 |
the obvious failure of importing the signature and forgetting to send it |
| 34 |
to keyservers. |
| 35 |
|
| 36 |
-- |
| 37 |
Best regards, |
| 38 |
Michał Górny |
Archives