[FFmpeg-devel] [RFC] dormant git accounts
Michael Niedermayer
michael at niedermayer.cc
Sun Nov 10 20:44:11 EET 2024
Hi all
On Sat, Nov 09, 2024 at 05:18:08PM +0100, Michael Niedermayer wrote:
> Hi all
>
> Should we disable git accounts for developers who have not been active since
> a long time (like 10 years) ?
>
> (if these developers come back, the account would then be enabled again)
> but disabling such accounts may improve security (lots of "if" here but
> assuming they loose their key, assuming whoever gets hold of the key
> has interrest and ability to attack ffmpeg and and and, the risk here
> is likely low but not 0)
I count currently 127 people with git write access
above suggestion would disable around 33 accounts.
I cannot show the list because of GDPR
but the remaining 127-33 accounts are on this list:
git log --since 10.years --first-parent --pretty=fuller | grep '^Commit:' | sort | uniq
Note that above command will not produce a clean list. It requires manual
cleanup, "Commit:" is just a text field and not everything thats in that field
has or had a write account. But I cannot post peoples names or email addressed
If i hear noone objecting to this (and there are already multiple people
in favor) then i will disable the 33 accounts in a few days
Thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Those who are too smart to engage in politics are punished by being
governed by those who are dumber. -- Plato
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20241110/a32d8add/attachment.sig>
More information about the ffmpeg-devel
mailing list