On Fri, 21 Dec 2012 17:57:44 +0100 Diego Elio Pettenò <flamee...@flameeyes.eu> wrote:
> > If someone has at some point contributed to Gentoo then why not let > > them keep their user around, should they want to come back. Of > > course this doesn't work retroactively, but I think it would be a > > cool tip of the hat to current and future developers. > > ... the users generally are kept, and locked, but also one of the > things that is done is archiving their home directory on dev.g.o as > it might be taking quite an amount of space. At my day job I'm the retirer (or BOFH depending who you speak to). I'll describe mt process, maybe you fellows can use it. Retiring people is too much effort, reinstating them doubly so; we all have better things to do with our time. There's only 3 things that get you retired or remvoed: 1. Resign from the company 2. Dramatically change your entire job (like move from technical to sales) 3. Prove I was wrong giving you access at all (i.e show a long history of stupid, or demonstrate malice) Most systems are Operations, so people who need access will do so at least once in 90 days to keep the account alive. If the account is not used in a 90 day period, it is parked (essentially "locked", but the user can unlock it by going to a specific web site and auth'ing using two-factor (password and hardware dongle) There's a small list of exceptions for people where 90 days does not apply, like for me. I need access to everything (I'm last call in any emergency) and most systems I rarely touch but I must not be locked out. What emerges out of this is the most security and ease for the smallest effort. Works for me :-) -- Alan McKinnon alan.mckin...@gmail.com
