Path: csiph.com!fu-berlin.de!bofh.it!news.nic.it!robomod From: Nicholas D Steeves Newsgroups: linux.debian.maint.python Subject: Re: Thoughts on removing access to the Python teams repositories to inactive members ? Date: Tue, 20 Jan 2026 05:10:01 +0100 Message-ID: References: X-Original-To: Thomas Goirand , "debian-python@lists.debian.org" X-Mailbox-Line: From debian-python-request@lists.debian.org Tue Jan 20 04:05:02 2026 Old-Return-Path: X-Amavis-Spam-Status: No, score=-114.51 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001, USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Debian-User: sten X-Mailing-List: archive/latest/23632 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/87y0ltq697.fsf@digitalmercury.freeddns.org Approved: robomod@news.nic.it Lines: 74 Organization: linux.* mail to news gateway Sender: robomod@news.nic.it X-Original-Cc: mia@qa.debian.org X-Original-Date: Mon, 19 Jan 2026 23:04:36 -0500 X-Original-Message-ID: <87y0ltq697.fsf@digitalmercury.freeddns.org> X-Original-References: <87ecnnlv3k.fsf@digitalmercury.freeddns.org> <885d9e95-07de-47d0-acae-d40a7e91128c@debian.org> Xref: csiph.com linux.debian.maint.python:17374 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable CCing MIA team in case they have a script that does what we're discussing, and because stale-Gitlab-account detection seems like something they might be interested in. Thomas Goirand writes: > On 1/17/26 11:42 PM, Nicholas D Steeves wrote: >> Thomas Goirand writes: >>> >>> BTW, as a Salsa admin, I thought that maybe, we should do the same >>> thing globally: at least *lock* inactive accounts with the rule: [snip] >>> Anyone to help me to write such a shell script? :) >>=20 >> Maybe base it on the GNOME project's Gitlab script? > > Where to find it? Sorry, I don't know; maybe someone on the GNOME team does? Also, I'm assuming upstream GNOME's Gitlab has a script... Meanwhile, if GNOME and KDE (which I just learned also switched to Gitlab) don't have a script, and we all pay for non-free Gitlab, maybe Gitlab would be willing write this feature if all of us write to Gitlab? It sounds like we want: 1. A function that will output a data structure that contains all accounts that haven't been used for an activity during a period; this function would check messaging, MR review activity, commits, etc. And we want for a namespace/team admin to be able to query activity for that namespace/team. Should the global scope be salsa admin[s] only (ie: maybe it's too resource-intensive)? 2. Filter that list to exclude accounts like an ACL like DD. 3. Ideally have a nice interface with checkboxes? 4. Notify user and give the user a chance to reactivate account to active status. 5. Maybe this feature could remind about MRs too, and/or be folded into some kind of stale-notify-decruft-section functionality? 6. Maybe run it as an scheduled job? Alternatively, this seems like a nice defensive policy to have thing for any Community Gitlab instance, so maybe the larger community would like to work on this together? Maybe they already have? Does this sound more like a leadership by example thing like reprobuild, or like a Debian working with other projects and communities for better policies and tools in an era of supply chain attacks? Cheers, Nicholas --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEE4qYmHjkArtfNxmcIWogwR199EGEFAmlu/tQQHHN0ZW5AZGVi aWFuLm9yZwAKCRBaiDBHX30QYRCjD/9P27UPY5y4lc1RofhZ6oiKoSpFXTfcCBDd 8a2zP9+Mo3aVPrdDqiMZc287+heBtHiaTCNtKTmelERgCEHQBAt8blImz57U8f0S ct7+/cuJrxVe/01QtAl+WWI8biPqJqYM3Yi03QhUEyB0xk/1y+zF0UrmiFsiyohT szUliQaqd3okGYZvCnch8GPShzlpe8DKl4abGUuLkSsm2RsoIFd/hFnaboH1U2dU Qu/vCXOeOsVVaAvYP1hT2j5sE4kf4llIeViwwwwap+p+at9trglRqQtSXEQIt3Wo 4XjOsh2Zx7RVWQCFzoFC+SpLh1K/io97IZUo4qtqXSHeDPFrVfElwgw8SgDqOrTo zcWMCM5kHPfC5/sArUkUTgaM7Cj0h7rvc5lYt+TEHcutGVa8wRWQvYsgkasqzIa3 4X3fB0g+L2x1+H/Y3RG7M8BTpxkB1snXa1cYQOogac04+GXym+XUmxPWDQ+oI5Vg k2gantaBpvYJ6jAq3Gw7dALf9luT9SsdFf528+H3he22uh63aFJiFvceLmzLe83M zkIzRocpS399XoCE0XjQjgHAs0Y0mZiTmSRlTRTlHWa2sqD2fXuBWS8+HMyalwTy H49tLyemxz17IB+z/7whZaojoMJxq9xtZkSUCqE1bFMJvp2s03DMXXMBDRzi5nVZ chIN1KGF1Q== =6OYH -----END PGP SIGNATURE----- --=-=-=--