Closed
Bug 524153
Opened 15 years ago
Closed 15 years ago
Deactivate dormant accounts for CVS, SVN, Hg
Categories
(mozilla.org Graveyard :: Server Operations, task)
mozilla.org Graveyard
Server Operations
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: gerv, Assigned: aravind)
References
Details
(Whiteboard: 01/15/2010)
Attachments
(3 obsolete files)
The dormant accounts policy has been agreed, and accounts which have been dormant for more than six months should be deactivated. The files containing the account names of the dormant accounts are attached.
Gerv
Reporter | ||
Comment 1•15 years ago
|
||
Reporter | ||
Comment 2•15 years ago
|
||
Reporter | ||
Comment 3•15 years ago
|
||
Reporter | ||
Comment 4•15 years ago
|
||
Please let me know if you need any more information from me.
Gerv
Comment 5•15 years ago
|
||
Er, what? I know for a fact that the Hg list is completely wrong. Please hold off on completing this request.
Comment 6•15 years ago
|
||
Comment on attachment 408050 [details]
Hg dormant accounts
>-mkmelin+mozilla@iki.fi,Hg
You sure about that?
Comment 7•15 years ago
|
||
Reassigning to Gerv to get this off IT's queue until issues have been resolved.
Assignee: server-ops → gerv
Updated•15 years ago
|
Attachment #408050 -
Attachment is obsolete: true
Updated•15 years ago
|
Attachment #408051 -
Attachment is obsolete: true
Updated•15 years ago
|
Attachment #408052 -
Attachment is obsolete: true
Comment 8•15 years ago
|
||
FYI, I'm taking my issues to the newsgroup, as that's a more appropriate place.
Should this bug just be closed until such issues have been resolved, or do we just want to leave it open but assigned to Gerv until then?
Comment 9•15 years ago
|
||
(In reply to comment #8)
> FYI, I'm taking my issues to the newsgroup, as that's a more appropriate place.
http://groups.google.com/group/mozilla.governance/msg/1d76bb9ffd809eb1
Comment 10•15 years ago
|
||
The list of people you want to deactivate for SVN is not accurate, you have in your list people whose SVN access was removed last August at my request:
https://bugzilla.mozilla.org/show_bug.cgi?id=510511
You also have people that I know have committed in the last months as well as the whole IT team
Reporter | ||
Comment 11•15 years ago
|
||
Pascal: thank you for that report; that seems to be a flaw in the list of "all accounts" sent to me by IT. I will take that up with them.
Can you please give examples of people you know have committed to SVN in the last six months?
Gerv
Comment 12•15 years ago
|
||
aserkant@linux-sevenler.org has committed in June for the 3.5 release.
Other examples of people that committed recently:
bienvenu@nventure.com
bogdancev@i.ua
fred.castles@laposte.net
Comment 13•15 years ago
|
||
I did not commit to CVS for some time, but I'd like to keep my account (marcoos@firefox.pl) until we stop supporting Firefox 3.0. If any (important) bugs are found in 3.0 Polish localization, I'd like to be able to fix them. Other localizers on that list may have similar wishes. :)
Reporter | ||
Comment 14•15 years ago
|
||
mkmelin appears to have the following accounts:
mkmelin+mozilla@iki.fi,CVS
mkmelin+mozilla@iki.fi,Hg
mkmelin@iki.fi,Hg
He appears to be checking in using the "+mozilla" version. Now I know from an email perspective the two Hg accounts are the same, but I don't know if that's true from an Hg account perspective. Can anyone with knowledge of Hg clarify?
Pascal: my new trawl for SVN has fred.castles and bienvenu.
I have sergiy.bogdancev@gmail.com committing but not bogdancev@i.ua. Are those the same person? Perhaps he has two accounts and is only using one? Or his account has changed name, and he hasn't committed since?
I still have no record of aserkant@linux-sevenler.org committing to SVN between the end of April and now. Can you point me at the commit so I can see why I'm missing it?
Thanks,
Gerv
Comment 15•15 years ago
|
||
For Aserkant:
http://viewvc.svn.mozilla.org/vc/?view=query&dir=&file=&file_match=exact&who=aserkant%40linux-sevenler.org&who_match=exact&comment=&comment_match=exact&querysort=date&hours=2&date=all&mindate=&maxdate=&limit_changes=100
the 2 emails for bogdancev are indeed the same person (and pascalc@gmail.com is me but I no longer use this account for commits ;) )
Reporter | ||
Comment 16•15 years ago
|
||
Pascal: the checkins at the URL you give are all dated 2008 and 2007, which is outside the range I'm looking at (last 6 months).
I'm not sure what we do with people changing their names. I guess we run the script twice a month apart, and only deactivate people who show up on both runs.
Gerv
Comment 17•15 years ago
|
||
ah my bad, I thought it was 2009
Comment 18•15 years ago
|
||
Nothing for IT to do here until there's an accurate list.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
Reporter | ||
Comment 19•15 years ago
|
||
We now have a list which I think is a great deal more accurate. The issues listed above have been addressed (including the fact that we preserve a set of nominated IT-owned accounts for SVN), and anyone who has got an LDAP account within the last month is excluded. If someone got a new level of access recently and still hasn't checked in anywhere, we can't detect that, so there's still a small possibility of false positives, but this is as good as it's going to get with the tools we have.
Please can IT deactivate all accounts listed in the dormant-* files in this directory?
http://hg.mozilla.org/users/gerv_mozilla.org/active-accounts/file/af616cfd5502/365
We'll start with those inactive for 12 months or more. If that goes OK, we may reduce N to six months.
As soon as it's done, please comment here so I can publicise it, so if there is still the odd problem with the list, people affected know how to get their accounts reactivated quickly.
Gerv
Status: RESOLVED → REOPENED
Resolution: INCOMPLETE → ---
Updated•15 years ago
|
Assignee: gerv → server-ops
Comment 20•15 years ago
|
||
Gerv - is this blocked on 524080 or not?
Reporter | ||
Comment 21•15 years ago
|
||
mrz: in what sort of timescale do you think you can implement a fix for bug 524080? If the answer is days, then yes, it would be good to get that first. If it will take weeks or months, then I say we should just go ahead with this, and use publicity to make people aware of what might have happened.
Gerv
Comment 22•15 years ago
|
||
I just used my CVS account today. Could you please take me off the dormant CVS list? Thanks. :)
Comment 23•15 years ago
|
||
I've talked to Gerv about setting some time frame to get the back end LDAP and IT tools infrastructure configured to support this.
Aravind articulated a number of these in bug 524080 and I'm making this dependent on that.
Working towards 01/15/2010 to wrap this up.
Assignee: server-ops → aravind
Component: Server Operations: Account Requests → Server Operations
Depends on: 524080
Whiteboard: 01/15/2010
Since we're already about 3 months past the generation of Gerv's most recent list of accounts to be disabled, I hope that new lists will be generated before disabling ;)
In the event that doesn't happen, I have been actively using my Hg account recently as well, so could you please take me off the dormant Hg list? Thanks. :)
Assignee | ||
Comment 25•15 years ago
|
||
Okay, made some progress here. LDAP now has a timestamp for the last svn|hg activity on an account. I now have a script in place that parses ldap activity every 15 minutes and updates the svn|hg accounts with this information.
The missing part is a script that looks through ldap and disabled accounts with last activity > 12 months. I should have this part done sometime today as well.
Note that I haven't done anything with cvs accounts here. That part is still manual and will have to be that way for some time. If we want to automate that we have to spend some time and write a different set of script to work on the cvs server (it doesn't use ldap).
@Gerv: Can you go through and update the dormant-(svn|hg) files in your repo. Also just an fyi for you, we are now also bringing up a git server (that authenticates off ldap) for folks in webdev. We probably need a similar policy there.
Comment 26•15 years ago
|
||
(In reply to comment #25)
> We probably need a similar policy there.
Probably need one for bzr.mozilla.org as well.
Assignee | ||
Comment 27•15 years ago
|
||
@Gerv: I have the scripts ready to start locking out old accounts. Is the list in your mercurial repo good? If it is, I will go ahead and mark those accounts inactive.
Reporter | ||
Comment 28•15 years ago
|
||
OK, the list in the Mercurial repo is now good. Aravind: go for it! :-)
http://hg.mozilla.org/users/gerv_mozilla.org/active-accounts/
http://hg.mozilla.org/users/gerv_mozilla.org/active-accounts/file/a4008243abb1/365
(Let's worry about git and bzr another day.)
Gerv
Assignee | ||
Comment 29•15 years ago
|
||
I disabled svn and hg accounts in LDAP. I also disabled cvs accounts in the shadow file and added a DISABLED string to ssh key.
Status: REOPENED → RESOLVED
Closed: 15 years ago → 15 years ago
Resolution: --- → FIXED
Comment 30•15 years ago
|
||
I am still using cvs.m.o -- really!
/be
Reporter | ||
Comment 31•15 years ago
|
||
Brendan: bug 558206 filed.
Gerv
Assignee | ||
Comment 32•14 years ago
|
||
Its been enough time since we closed the bug and I have now changed the scripts to disable accounts after being inactive for 6 months.
Comment 33•13 years ago
|
||
> after being inactive for 6 months.
This is way too sharp. I contribute constantly, but irregularly, since 12 years, and this makes contributing a pain. Not everybody works for Mozilla full-time.
Updated•10 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•