Joerg Jaspert: We are currently reviewing the debian.org account database and checking a list of developer accounts that *appear* to be inactive.
We are currently reviewing the debian.org account database and
checking a list of developer accounts that *appear* to be inactive. The
purpose of this review is simply to minimise the number of live but
unused debian.org accounts since they (in sufficent numbers) are an
active security concern. It's _not_ intended as a judgement or
criticism of contributions to Debian made by those who may end up on
Individual developers will receive such a maintainer ping if one or more
of the following criteria apply to them. We recognise that these
criteria might also apply to active developers. If this applies to you,
please don't panic, just read on, the first action/response below is for
Possible reasons someone might receive such a maintainer ping
– Didn't vote in the last DPL election
As announced in February, we used the list of people who didn't
vote in the most recent DPL vote as one input.
– No package upload seen in the last 6 months
The archive database doesn't have a record of any uploads signed by
the developer's GPG key within the last 6 months.
– No package in the archive
Looking at the archive database again, we did not find any packages
that are maintained by this developer.
Future runs will also include:
– Listed in the MIA database
Listed in the MIA team's database as MIA. This usually should be covered
by one of the two above points already, but in case an orphaning
takes longer, it should get us additional input.
What to do when you receive such a maintainer ping?
* If you're still active
Simply send a reply to the ping, signed with your GPG key,
telling us that you are still active. If you do this, nothing will
happen to your account. We'd appreciate it if you could include a
short list of things you do within/for Debian so that we can
enhance our scripts for future checks.
* If you're no longer active
Please reply to the mail and confirm the inactive status of your
account, effectively resigning from Debian. This will set your
account to the “Emeritus” state, which means that it is disabled
and your key will be moved into the emeritus keyring. Your debian.org
mail will continue to work for 6 months before it is disabled,
so you have time to move mail handling elsewhere in case you are
still using the address.
Should you decide to come back to Debian later on, you do not need
to go through the full New-Maintainer process. There is a very
simplified and short “emeritus-checkup” available.
* If we get no reply or a bounce
In case we do not receive a reply within 2 months or your email
address bounces (and other attempts to reach you have failed), your
account will be set to the “Removed” state. This means it will be
disabled and the key will be moved into the removed keyring,
debian.org mail forwarding will stop working immediately, and a full
New-Maintainer process will be required in order to get back into
Numbers and self-disabled mail
The first maintainer ping will include around 400 Developers, which is a
lot. We plan to have more regular runs in the future, possibly every 4
months, so we do not have such a large number of pings in the future.
During the preparation of this maintainer ping, we found a few accounts
that may have disabled their debian.org mail handling via the
appropriate settings in our LDAP. While this is fine, we would like to
ask you to include information about different means of contacting you
in your message. A good example is “disabled, use foo at bar dot
net”, less good is “disabled, try googling for me”. In case you do not
want to include such information please consider mailing
firstname.lastname@example.org with the required information, and we will make sure
the mail gets sent to the alternative address if you ever end up
in such a ping. After all, we do not want to disable active accounts.
– bye Joerg