[arch-dev-public] Inactive developers and trusted users
pierre at archlinux.de
Sun Feb 19 12:15:18 EST 2012
as you know do you not only have to sign your package but also use a
fully trusted key for this. There are a few developers and trusted users
which are no longer able to publish packages due to this policy. I would
suggest we set them as "inactive" in archweb, disable their ssh access
and orphan their packages and bug reports. Don't get me wrong though; I
don't want to kick anybody out and I'd be more than happy to welcome any
of those back to our team. But if people are (temporary) inactive we
need to know.
Here is a list of people which didn't upload a gpg key to archweb at
all. The had several months to do so and didn't reply to an additional
mail I had sent in November last year.
The following people have a key but it is not fully trusted. That means
their keys are not signed by at least three master keys.
If anybody know anything about the status of these fellow let me know.
The first group can be set to inactive right away imho. I already talked
to Vesa and he promised to get the missing signature soon.
Finally I'd also like to encourage everyone to get all five master key
signatures even if three are technically sufficient for now.
Pierre Schmitz, http://pierre-schmitz.com
More information about the arch-dev-public