From: Kurt Lieber
To: gentoo-dev@lists.gentoo.org
Date: Sat, 19 Nov 2005 18:15:44 +0000
Subject: Re: [gentoo-dev] implementation details for GLEP 41

On Sat, Nov 19, 2005 at 06:57:41PM +0100 or thereabouts, Danny van Dyk wrote:
> | There are no provisions for key management and I cannot see an easy way to
> | handle it. It's easy to add new keys, but how do we clean out old keys for
> | retired arch testers? (including arch testers that "retire" without ever
> | informing us) SSH doesn't log key ID as near as I can tell, so we have no
> | way of tracking what keys are used and how often. Also, how do we
> | definitively correlate an SSH key with an arch tester?
>
> Do we have to? Nobody has to track how often an Arch Tester uses RO
> access to CVS, as you don't need that information. RO CVS access is a
> service to the ATs. Their work is pretty much outside CVS...

Yes, we have to. If someone retires, their access needs to be revoked.

> | Now, the same question for email -- how do we manage aliases, especially
> | for inactive, retired and semi-retired arch testers? We could track usage
> | in logs, but between mailing list subscriptions, bugzilla notifications and
> | all sorts of other automated emails, that's not an accurate representation
> | of whether an email alias is actively used or not.
> Afaik the gentoo.org address is only a forward to their normal address,
> so one can hardly speak of 'active usage'. You simply can't actively use
> it! On the other hand, tracking down how active/inactive an AT/HT is
> falls under the project the AT/HT is associated with, or the AT/HT
> Project (hparker) as last resort. So if he says 'AT foo is inactive',
> he's to be removed from email forwarding and CVS RO Access. I really
> don't see the problem here.

Because, in practice, this doesn't happen. Accounts (or, in this case,
email addresses) stay around until someone gets enough of a bee under
their bonnet to do something about it.
Since there's no pain or cost for the AT/HT project lead, there's no
reason for them to be vigilant about tracking activity. Plus, assuming
we have a large number of these testers, how are people going to know
whether or not one specific arch tester is active? That's not an
acceptable solution.

--kurt