Re: Emeritus status, and email forwarding
]] Ian Jackson > I think that, with some safeguards[1], this would be a good thing to > offer people. If nothing else people have often used @d.o addresses > in Debian work, where the addresses live on after they move on, and we > should definitely encourage even an emeritus member to be reachable > for answering questions or whatever, as their time and interest > permits. I don't think we should do that. Once they've left the project, they don't and shouldn't have the ability to answer for Debian in any way. > Unfortunately it would mean that such people would still need some > kind of login on Debian systems, so that they could update the email > forwarding. But it wouldn't have to have the wide powers of an active > DD/DM account. > > What do people think ? How hard would this be ? It would make our already too complex setups even more complex, but that's not the reason why I think it's a bad idea. > The emeritus member should refrain from advertising the @debian.org > email address, so outgoing emails, web pages, etc., should be updated > to show a different address. Obviously the point of retaining the old > address is to avoid having to deal with a massive array of existing > places where the address is published, but there should be no active > uses, and any particular instances should be changed on requests by > Debian. The forwarding would have to be withdrawn if the emeritus > member continued to advertise their @d.o address, or if they did > something sufficiently bad that we would want to disassociate > ourselves from them more completely. I don't think we're in a position where we would be able to effectively police this, and so I don't think we should try either. Cheers, -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are
Re: Emeritus status, and email forwarding
Enrico Zini dijo [Wed, Nov 15, 2017 at 05:46:52PM +0100]: > I would be ok with saying that emeritus people who have a valid gpg key > can still have email forwarding, exporting the emeritus keyring > alongside the other keyrings, and handling email forwarding > configuration changes via chan...@db.debian.org, and key replacements as > usual. > > It would exclude people who don't have a viable gpg key anymore in the > keyring, or who are not interested in maintaining one, but that is > already the case mostly anywhere in Debian, and I don't see it as a > blocker for keeping forwarding working as long as someone is emeritus > and has a key in the emeritus keyring. > > I would also be ok saying that people whose keys in the emeritus keyring > become invalid over time, because they expire or because they are not > replaced when needed, move to "removed" status after a while. FWIW some other people have expressed procedure concerns on this topic, I am not repeating them. We (keyring-maint) do keep an Emeritus keyring. Given it is not really _used_, I had not checked its real status in a long time, but now I must really take off my hat towards Jonathan - It is quite well maintained. It used to be a very large directory: https://anonscm.debian.org/cgit/keyring/keyring.git/tree/emeritus-keyring-gpg?id=f6293ba7d7c4e775b3b83185e66da41f4765721f But since Jonathan removed short keys in it (as they are keys we will never use again and should no longer consider trusted), it became way smaller. Current view: https://anonscm.debian.org/cgit/keyring/keyring.git/tree/emeritus-keyring-gpg Anyway, we could continue to receive updates for and process the Emeritus' keyring, if any person in it was interested in doing so... I doubt it would be the case. We can also produce that keyring together with our updates if any infrastructure were to use it. I have a feeling it would mostly be over-engineering, though. Keeping the mail alias working "forever" sounds right, but I expect that any mail update requests would still end up in a human to implement. signature.asc Description: PGP signature