[arch-dev-public] Inactive developers and trusted users
Hello, as you know do you not only have to sign your package but also use a fully trusted key for this. There are a few developers and trusted users which are no longer able to publish packages due to this policy. I would suggest we set them as "inactive" in archweb, disable their ssh access and orphan their packages and bug reports. Don't get me wrong though; I don't want to kick anybody out and I'd be more than happy to welcome any of those back to our team. But if people are (temporary) inactive we need to know. Here is a list of people which didn't upload a gpg key to archweb at all. The had several months to do so and didn't reply to an additional mail I had sent in November last year. Dale Blount Aaron Griffin Tobias Kieslich Paul Mattal Mateusz Herych Imanol Celaya The following people have a key but it is not fully trusted. That means their keys are not signed by at least three master keys. Kaiting Chen Kevin Piche Vesa Kaihlavirta If anybody know anything about the status of these fellow let me know. The first group can be set to inactive right away imho. I already talked to Vesa and he promised to get the missing signature soon. Finally I'd also like to encourage everyone to get all five master key signatures even if three are technically sufficient for now. Greetings, Pierre -- Pierre Schmitz, http://pierre-schmitz.com
On 20/02/12 03:15, Pierre Schmitz wrote:
Hello,
as you know do you not only have to sign your package but also use a fully trusted key for this. There are a few developers and trusted users which are no longer able to publish packages due to this policy. I would suggest we set them as "inactive" in archweb, disable their ssh access and orphan their packages and bug reports. Don't get me wrong though; I don't want to kick anybody out and I'd be more than happy to welcome any of those back to our team. But if people are (temporary) inactive we need to know.
Here is a list of people which didn't upload a gpg key to archweb at all. The had several months to do so and didn't reply to an additional mail I had sent in November last year.
Dale Blount Aaron Griffin Tobias Kieslich Paul Mattal Mateusz Herych Imanol Celaya
The following people have a key but it is not fully trusted. That means their keys are not signed by at least three master keys.
Kaiting Chen Kevin Piche Vesa Kaihlavirta
If anybody know anything about the status of these fellow let me know. The first group can be set to inactive right away imho. I already talked to Vesa and he promised to get the missing signature soon.
Ack. I sent them all two emails to get their key signed too. None of those are that surprising. Probably should keep ssh access for Aaron as I believe he pops in once in a while even though he does not Allan
On 20/02/12 09:25, Allan McRae wrote:
On 20/02/12 03:15, Pierre Schmitz wrote:
Hello,
as you know do you not only have to sign your package but also use a fully trusted key for this. There are a few developers and trusted users which are no longer able to publish packages due to this policy. I would suggest we set them as "inactive" in archweb, disable their ssh access and orphan their packages and bug reports. Don't get me wrong though; I don't want to kick anybody out and I'd be more than happy to welcome any of those back to our team. But if people are (temporary) inactive we need to know.
Here is a list of people which didn't upload a gpg key to archweb at all. The had several months to do so and didn't reply to an additional mail I had sent in November last year.
Dale Blount Aaron Griffin Tobias Kieslich Paul Mattal Mateusz Herych Imanol Celaya
The following people have a key but it is not fully trusted. That means their keys are not signed by at least three master keys.
Kaiting Chen Kevin Piche Vesa Kaihlavirta
If anybody know anything about the status of these fellow let me know. The first group can be set to inactive right away imho. I already talked to Vesa and he promised to get the missing signature soon.
Ack. I sent them all two emails to get their key signed too. None of those are that surprising. Probably should keep ssh access for Aaron as I believe he pops in once in a while even though he does not
package...
Allan
Am 19.02.2012 18:15, schrieb Pierre Schmitz:
The following people have a key but it is not fully trusted. That means their keys are not signed by at least three master keys.
Kaiting Chen Kevin Piche Vesa Kaihlavirta
Vesa has now a fully trusted key. There was no response from neither Kevin nor Kaiting and they both have a key which isn't signed by anybody else. Any objections to set them inactive as well? Greetings, Pierre -- Pierre Schmitz, http://pierre-schmitz.com
On 26/02/12 04:15, Pierre Schmitz wrote:
Am 19.02.2012 18:15, schrieb Pierre Schmitz:
The following people have a key but it is not fully trusted. That means their keys are not signed by at least three master keys.
Kaiting Chen Kevin Piche Vesa Kaihlavirta
Vesa has now a fully trusted key. There was no response from neither Kevin nor Kaiting and they both have a key which isn't signed by anybody else. Any objections to set them inactive as well?
Do it.
On Sun, 2012-02-26 at 07:56 +1000, Allan McRae wrote:
On 26/02/12 04:15, Pierre Schmitz wrote:
Am 19.02.2012 18:15, schrieb Pierre Schmitz:
The following people have a key but it is not fully trusted. That means their keys are not signed by at least three master keys.
Kaiting Chen Kevin Piche Vesa Kaihlavirta
Vesa has now a fully trusted key. There was no response from neither Kevin nor Kaiting and they both have a key which isn't signed by anybody else. Any objections to set them inactive as well?
Do it.
Interesting. I've only received an email from Pierre about key signing. Unfortunately I've forgotten my passphrase anyways so would have to create another key. I'll setup another one on the keyserv and contact the master signers. k -- K. Piche <kpiche@rogers.com>
On 06/04/12 13:46, K. Piche wrote:
On Sun, 2012-02-26 at 07:56 +1000, Allan McRae wrote:
On 26/02/12 04:15, Pierre Schmitz wrote:
Am 19.02.2012 18:15, schrieb Pierre Schmitz:
The following people have a key but it is not fully trusted. That means their keys are not signed by at least three master keys.
Kaiting Chen Kevin Piche Vesa Kaihlavirta
Vesa has now a fully trusted key. There was no response from neither Kevin nor Kaiting and they both have a key which isn't signed by anybody else. Any objections to set them inactive as well?
Do it.
Interesting. I've only received an email from Pierre about key signing. Unfortunately I've forgotten my passphrase anyways so would have to create another key. I'll setup another one on the keyserv and contact the master signers.
I email kevin @ archlinux. If that no longer forwards somewhere useful then you should change you email address on your developer profile (once it is reinstated). Allan
participants (3)
-
Allan McRae
-
K. Piche
-
Pierre Schmitz