[FFmpeg-devel] [RFC] dormant git accounts
Rémi Denis-Courmont
remi at remlab.net
Sat Nov 9 20:04:47 EET 2024
Le lauantaina 9. marraskuuta 2024, 18.18.08 EET Michael Niedermayer a écrit :
> Hi all
>
> Should we disable git accounts for developers who have not been active since
> a long time (like 10 years) ?
Yes but git is probably the least dangerous of credentials to keep stale. A
backdoor getting pushed with a stale and stolen SSH private key would be
noticed and rectified in no time.
What most people are concerned about right now is the incomplete documentation
of any and all credentials - not just git write access - and more generally
the lack of transparency. Once that is sorted out, we can start arguing about
what should be revoked.
--
雷米‧德尼-库尔蒙
http://www.remlab.net/
More information about the ffmpeg-devel
mailing list