Doug Goldstein <car...@gentoo.org> posted
eafa4c130903101013s3bb64404g9e65ca0fc8973...@mail.gmail.com, excerpted
below, on  Tue, 10 Mar 2009 12:13:36 -0500:

> So really an effective solution might be for the recruiters/retirement
> staff to change a user's shell with a script that spits out a message
> that says something to the effect of:
> 
> "You have been inactive for a while. Please contact recruiters to
> re-enable your account. This was done as a security measure."
> 
> Obviously a little friendlier would be better but everyone gets the
> gist. That'll prevent them from logging into infra boxes and from being
> able to do a commit.

That does seem to take care of the security side (assuming the cracker 
can't simply contact recruiters and get reenabled, no verification), yes.

That's my biggest concern.  However, upon reading rane's replies, his 
point that if retaking the quizzes is hard, they probably DO need the 
refresh, makes a lot of sense to me as well.

But even though the knowledge aspect applies to every returning dev while 
the security aspect above is (hopefully) low chance, lack of up-to-date 
tech and policy knowledge (as addressed by the quizzes) at worst breaks a 
tree for a few hours or a package for perhaps a few months.  If Gentoo 
devs as a group are willing to live with that, so am I as a Gentoo user 
and Gentoo system sysadmin.  It's thus an entirely different level of 
discussion than that of a relatively lower chance but much higher damage 
potential security breach, which every Gentoo user (aka Gentoo system 
sysadmin) therefore has an interest in.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

