On Tue, 2019-02-19 at 16:54 -0500, Alec Warner wrote:
> > It seems like it would make far more sense to look at other direct
> > measures of activity than how up-to-date their gpg key is in the
> > keyservers.
> > 
> 
> I'm bad at GPG. However, I believe updating my keys to adapt to the policy
> took me about 30 minutes. Its required once every 12 months.
> 
> Where should we set the bar here, if not "please contribute at least 30
> minutes every year to retain your developership."
> 

There are a few problems here.

Firstly, we have a fair share of developers who don't follow any news,
and just do little Gentoo in their little corner.  You need to find
a way to communicate this new requirement to them.  They will be
probably outraged they have to do yet another thing to stay developers.

Secondly, retiring developers is a nasty business.  Imagine people who
haven't done anything in N years, ignore retirement mail and then insult
us that we didn't go out of our way to discover they've lost access to
their Gentoo account years ago and never bothered to ask for reinstating
it.  Now imagine what we're going to get for dare trying to retire
someone who ignored a few CAFF mails.  Or retiring the same person after
it ignored all the retirement mail.

Thirdly, as I said, it introduces operation gaps.  My original goal is
to make it possible for users to mail devs anytime.  It's not going to
be nice to have gaps of one week between old signature expiring
and developer getting around to publish a new one.  Not to mention
the obvious failure of importing the signature and forgetting to send it
to keyservers.

-- 
Best regards,
Michał Górny