On 20/02/12 03:15, Pierre Schmitz wrote:
Hello,
as you know do you not only have to sign your package but also use a fully trusted key for this. There are a few developers and trusted users which are no longer able to publish packages due to this policy. I would suggest we set them as "inactive" in archweb, disable their ssh access and orphan their packages and bug reports. Don't get me wrong though; I don't want to kick anybody out and I'd be more than happy to welcome any of those back to our team. But if people are (temporary) inactive we need to know.
Here is a list of people which didn't upload a gpg key to archweb at all. The had several months to do so and didn't reply to an additional mail I had sent in November last year.
Dale Blount Aaron Griffin Tobias Kieslich Paul Mattal Mateusz Herych Imanol Celaya
The following people have a key but it is not fully trusted. That means their keys are not signed by at least three master keys.
Kaiting Chen Kevin Piche Vesa Kaihlavirta
If anybody know anything about the status of these fellow let me know. The first group can be set to inactive right away imho. I already talked to Vesa and he promised to get the missing signature soon.
Ack. I sent them all two emails to get their key signed too. None of those are that surprising. Probably should keep ssh access for Aaron as I believe he pops in once in a while even though he does not Allan