Okay but without that automation, is what the sysadmins seem to currently be doing (checking the maintainer file on fencepost before granting access) the correct process then? That seems to be an easy and concrete way for the sysadmins to validate requests for access.
That has never been the correct process. While that way might be easy for the FSF admins, it also excludes and hinders the GNU project by getting more people involved in daily work. Not everything is done by being a maintainer, there are many other roles. But if the intention is that it's more nebulous, as ams indicates, how are the sysadmins to validate which requests should be allowed without opening it up such that any random person can send an email and get access? Who is to make that call and how? I got my account as a random person many many decades ago by just asking -- before that I would login as rms, and my mail was via an alias to a file somewhere world writable. It is true that todays reality might be slightly different being far more hostile and we don't want to repeat the breaches that occured some decades before. So having some higher bar is sensible, for exmaple if another user of FP asks for an account for someone instead of anonymous requests (basically on recommendation) that should be just fine. What we should absolutley not do is to hinder people who are contributing something to the GNU project in roles other than maintainership from getting an account. If they need it, they should get one that has always been how we have done things.
