disabling access to passive developers is a good thing, as long time unused and unmaintained accounts are a typical security problem.
but please send a personal email to everyone explaining the situation and how to proceed, so people don't feel "kicked off" a project, only because they didn't submit patched for some time. we still love to get patches, but maybe it is best to send them with email, works very well for most of the contributors to opensc (i.e. authors of most drivers etc). > Set up something similar to the MAINTAINERS file in > Linux kernel, so that the list of actually supported > cards/sybsystems/features/whatnot could be verified if necessary and > dropped if needed. The list of maintainers must not be equal to the list > of commiters but at least have some more data than just "can commit" > associated with a name/contact. It will be hard to cover everything that > already is in OpenSC but hopefully it will evolve until it really is > clear, what is supported and what is dead code. not sure how well more or less active developers map to a MAINTAINERS file. but I think it would be good to ask for testing before the next release from trunk, and then clearly mark all cards without a full test result as "unsupported", "deprecated" or "incomplete" or something like that. a full test result for me is this: * full regression test suite for blank cards. some failures are ok, if they are documted and well known (e.g. pin0002 on starcos cards - nothing to worry about) * at least "pkcs11-tool --test --login" for already initialized cards. again some failures are ok (e.g. opensc trying some mechanisms on very restricted keys - for example signature cards restricted to few signing mechanisms, while opensc tries all mechanisms the card could support and doesn't know that this key is more restrictive). also plattforms should be tested well and the status published - different versions of operating systems, as well as pre-packaged binaries. (e.g. i tested ubuntu 10.04 beta recently, and for openct it will be the first working release as far as I remember). i.e. if there are no active testers and developers for some plattform, we should people know, even if opensc is in the ports collection or something like that. for example debian doesn't upgrade opensc right now, because it doesn't compile on debian kfreebsd. but we haven't had any user from that plattform ever, and even for all *BSD I don't remember any active user. well, that is my preference at least. Regards, Andreas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
