Am 28.09.2013 11:57, schrieb Florian Pritz:
Daenyth resigned on 27 Aug 2013 via Mail to Lukas with the subject "Re : TU Votes -- Reminder!". Apparently this has been missed so his accounts are still marked TU in the bbs and archweb and he is still listed as maintainer for 35 packages in archweb.
I've disabled his accounts on nymeria and brynhild, marked him "past TU" in the wiki and removed the TU status on flyspray. Someone else please take care of archweb and bbs.
This reminds me: We need some kind of policy regarding the gpg keys of fellow packagers. As soon as there are no longer packages in the repos we should remvoe the key from the keyring package. The question that remains is if master key holders should revoke their signatures on such keys. It's not so much I wouldn't trust fellow packagers anymore, but an uused but valid signing key in the wild is just an unnecessary risk imho. Let's say a former dev get his laptop and that key stolen in a few years. I am not sure if I would blame him if he would forget to inform us. Maybe a simple rule of thumb: keys that are not or no longer included in the keyring package cannot be valid. Greetings, Pierre -- Pierre Schmitz, https://pierre-schmitz.com