Joerg Jaspert announces that action should be taken on the unused accounts, as Debian gets more and more accounts.
as Debian gets more and more accounts it is only natural that we have
more and more unused accounts. People get MIA, find different interests
or simply lost interest in Debian but did not follow the normal
procedure of retiring.
To reduce the security risk an unused open account has, and also to get
the number of Developers to reflect the reality, we, the Debian Account
Managers, decided to do regular “WaT” runs.
Selection of the people included in those runs will be done in a way
that we avoid sending out such mails to active people. As a good start
we will take the upcoming DPL vote as an input source, everyone who doesn't
vote this year will be included in the first run.
* Please note that you can vote without expressing an opinion! *
Later on there should be more such runs, on a regular base. Input of
affected accounts can be (apart from future DPL election non-voters) the
great work from the MIA-team, but details for that need to be worked
We currently have 4 states for any given account in LDAP:
[default] is obviously what the majority of accounts has. No need to
Memorial is a special state used for accounts that are disabled
but which we don't want reused to avoid confusion (at best), e.g. with
developers who've passed away.
Now, for the handling of the WaT runs, Emeritus and Disabled are the two
important states here:
To get into the Emeritus state you voluntarily retire from the project,
following  or by replying to a WaT mail.
The account will be put into the 'emeritus' state. It will get locked
and their keys are moved to a separate keyring. Their email will
continue to work for 6 months. They lose vote, upload and -private
People in this stage can get their DD status back with a reduced NM
The disabled state is for people where the WaT mail bounced or who don't
reply. For the first 12 months things are the same as 'emeritus', after
that they will need to pass full NM if they want to get their DD status
 *W*here *a*re *T*hey?
– bye Joerg It seems to me that the account creation step could be fully automated: checking the box “approved by DAM” could trigger an insert into the LDAP database thereby creating the account. <firstname.lastname@example.org>