Debian-news is about one simple thing - news about Debian GNU/Linux and the top free distributions based on Debian GNU/Linux.


Handling of inactive Debian Accounts

Joerg Jaspert: We are currently reviewing the account database and checking a list of developer accounts that *appear* to be inactive.

We are currently reviewing the account database and
checking a list of developer accounts that *appear* to be inactive. The
purpose of this review is simply to minimise the number of live but
unused accounts since they (in sufficent numbers) are an
active security concern. It's _not_ intended as a judgement or
criticism of contributions to Debian made by those who may end up on
our radar.

Individual developers will receive such a maintainer ping if one or more
of the following criteria apply to them. We recognise that these
criteria might also apply to active developers. If this applies to you,
please don't panic, just read on, the first action/response below is for

Possible reasons someone might receive such a maintainer ping

– Didn't vote in the last DPL election
As announced[1] in February, we used the list of people who didn't
vote in the most recent DPL vote as one input.

– No package upload seen in the last 6 months
The archive database doesn't have a record of any uploads signed by
the developer's GPG key within the last 6 months.

– No package in the archive
Looking at the archive database again, we did not find any packages
that are maintained by this developer.

Future runs will also include:
– Listed in the MIA database
Listed in the MIA team's database as MIA. This usually should be covered
by one of the two above points already, but in case an orphaning
takes longer, it should get us additional input.

What to do when you receive such a maintainer ping?

* If you're still active

Simply send a reply to the ping, signed with your GPG key,
telling us that you are still active. If you do this, nothing will
happen to your account. We'd appreciate it if you could include a
short list of things you do within/for Debian so that we can
enhance our scripts for future checks.

* If you're no longer active

Please reply to the mail and confirm the inactive status of your
account, effectively resigning from Debian. This will set your
account to the “Emeritus” state, which means that it is disabled
and your key will be moved into the emeritus keyring. Your
mail will continue to work for 6 months before it is disabled,
so you have time to move mail handling elsewhere in case you are
still using the address.

Should you decide to come back to Debian later on, you do not need
to go through the full New-Maintainer process. There is a very
simplified and short “emeritus-checkup” available.

* If we get no reply or a bounce

In case we do not receive a reply within 2 months or your email
address bounces (and other attempts to reach you have failed), your
account will be set to the “Removed” state. This means it will be
disabled and the key will be moved into the removed keyring, mail forwarding will stop working immediately, and a full
New-Maintainer process will be required in order to get back into

Numbers and self-disabled mail

The first maintainer ping will include around 400 Developers, which is a
lot. We plan to have more regular runs in the future, possibly every 4
months, so we do not have such a large number of pings in the future.

During the preparation of this maintainer ping, we found a few accounts
that may have disabled their mail handling via the
appropriate settings in our LDAP[2]. While this is fine, we would like to
ask you to include information about different means of contacting you
in your message. A good example is “disabled, use foo at bar dot
net”, less good is “disabled, try googling for me”. In case you do not
want to include such information please consider mailing with the required information, and we will make sure
the mail gets sent to the alternative address if you ever end up
in such a ping. After all, we do not want to disable active accounts. :)


– bye Joerg gender is something i'll never really get either (hmm, that looks bad out of context)

No Response to “Handling of inactive Debian Accounts” »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Debian-News is not related to the Debian Project.
All logos and trademarks on this site are property of their respective owners.