On 20/02/12 09:25, Allan McRae wrote: > On 20/02/12 03:15, Pierre Schmitz wrote: >> Hello, >> >> as you know do you not only have to sign your package but also use a >> fully trusted key for this. There are a few developers and trusted users >> which are no longer able to publish packages due to this policy. I would >> suggest we set them as "inactive" in archweb, disable their ssh access >> and orphan their packages and bug reports. Don't get me wrong though; I >> don't want to kick anybody out and I'd be more than happy to welcome any >> of those back to our team. But if people are (temporary) inactive we >> need to know. >> >> Here is a list of people which didn't upload a gpg key to archweb at >> all. The had several months to do so and didn't reply to an additional >> mail I had sent in November last year. >> >> Dale Blount >> Aaron Griffin >> Tobias Kieslich >> Paul Mattal >> Mateusz Herych >> Imanol Celaya >> >> The following people have a key but it is not fully trusted. That means >> their keys are not signed by at least three master keys. >> >> Kaiting Chen >> Kevin Piche >> Vesa Kaihlavirta >> >> If anybody know anything about the status of these fellow let me know. >> The first group can be set to inactive right away imho. I already talked >> to Vesa and he promised to get the missing signature soon. > > Ack. I sent them all two emails to get their key signed too. None of > those are that surprising. Probably should keep ssh access for Aaron > as I believe he pops in once in a while even though he does not
package... > Allan > >
