#1168 Non responsive maintainer due to death.
Closed None Opened 10 years ago by msuchy.

We have process for nonresponsive maintainer.
http://fedoraproject.org/wiki/Policy_for_nonresponsive_package_maintainers
Can we please enhance it to count in with dead people?

I hit this when I reviewed membership of coprgit group (this give commit access to copr.git). And Seth is still member of this group, which is potential security risk, because he will not be changing his password any more, because he is dead.

And he is still owner of 3 packages:
https://admin.fedoraproject.org/pkgdb/users/packages/skvidal?acls=owner

Current policy assume that somebody is willing to take over this package, but in such case that developer dies, we should short circuit the process and orphan them (and announce it) so people can actually take over it as soon as possible and not wait for first issue.

Additionally their FAS should be switch to inactive - not sure how it is done and not sure how it affect their ability to commit.


There is no security risk. His password and ssh key were reset as soon as we knew.

Yes, we should reassign his packages and mark him inactive.

I don't know that this needs a policy change, just perhaps confirmation to fesco about the event so packages/account can be inactive (which I already have).

account can be inactive (which I already have)

here it say that is active:
https://admin.fedoraproject.org/accounts/user/view/skvidal

I was speaking in general terms about process, I have not yet inactivated his account.

I wish to look into making sure his open source contributions on fedorapeople.org can still be made available.
(which will not be the case if I just inactivate his account right now).

I have now removed skvidal from all active packages acls (orphaning where he was owner), and marked his account inactive.

I'm not sure FESCo needs to do anything further here unless they wish to adjust the policy for this situation...

I don't think we need a special policy for such very much hopefully rare event.

A lot of our contributors are young. Or at least not too old. But I expect that this will change in few (dozen) years.

We have currently 1417 approved packager. Life expectancy is 67 years. If we would have normal distribution of age of contributors, it would mean that 21 developers would die per year!
Edit: 27 per year as I must count first 15 years as non productive.

As much as I hate to say it, we should count in with deaths.

I think we should count with deaths the way we did in this case - act reasonably and not try to make everything written in policy.

I think it's still reasonable enough that we don't need to change the /non-responsive maintainers/ policy. We do need to make sure these are handled, but I think simply marking them inactive and dealing with the repercussions on an ad-hoc basis is probably fine.

From 2013-09-04 FESCo meeting:
* AGREED: No need to change policies for this - handle reasonably if
it occurs with ticket to fesco and/or infrastructure (+:6, -:0, 0:0)
(notting, 19:32:02)

Closing as 'fixed' for the particular incident that precipitated this request.

Login to comment on this ticket.

Metadata