Filing a bug to remind robbat2. From mail: > I think we can make it so that you do the cleanup whenever you want but > from outside and other developer point of view they are retired as their > access is entirely cut off. There's no hurry to cleanup on dev.gentoo.org. Hmm, maybe alter the scripts on dev.g.o to move homedirs as such: mv /home/$USER /home/PENDING-CLEANUP/$USER That should make the rest of the process more automated, I'd just want to put in some safety checks (specifically, if you try to retire somebody with gentooAccess lines beyond the cvs/dev ones, it's going to reject you because they need explicit human attention).
Shouldn't we acknowledge that infra is too busy to get this script written by now? Could we get the list of requirements for the script (and sources for existing stuff if something already exists) so that we could provide you an initial updated version.
Petteri, There has been more than one offer to help from within the infra team. The general response is that it takes more time to set up access to all the required bits than to just write the script.
(In reply to comment #2) > Petteri, There has been more than one offer to help from within the infra team. > The general response is that it takes more time to set up access to all the > required bits than to just write the script. > Why do you need access bits to write code?
(In reply to comment #3) > (In reply to comment #2) > > Petteri, There has been more than one offer to help from within the infra team. > > The general response is that it takes more time to set up access to all the > > required bits than to just write the script. > > > > Why do you need access bits to write code? > I believe they need to set up access such that when someone not in Infra runs said script they can actually perform all the retirement operations.
(In reply to comment #4) > > I believe they need to set up access such that when someone not in Infra runs > said script they can actually perform all the retirement operations. > Can't the script just be available through sudo?
Ok, I implemented the side of the pending directory for running the scripts, but in doing so I discovered a timing attack. The LDAP and woodpecker retirement MUST be done very close to concurrently. Otherwise there are a number of actions that can cause the homedir to be recreated. On the plus side, I can process them now much faster myself, so I'm doing the backlog right now.
33 retirements done now. Noticed one more thing that would speed up stuff. Need an explicit single field to contain the mail forwarding destination: mbox OR an email address.
(In reply to comment #6) > > On the plus side, I can process them now much faster myself, so I'm doing the > backlog right now. > 13:02 <@jmbsvicetto> Betelgeuse / rane: We have 20 developers bugs waiting for infra for more than 2 months Should we revisit this issue if we are not able to keep the backlog from growing?
backlog processed now. Barring any major issues, I'm going to try to run the retirement process on the 1st day of every odd-numbered month, or the closest day after that I'm available to. Somebody remind me for January first.
(In reply to comment #9) > backlog processed now. > > Barring any major issues, I'm going to try to run the retirement process on the > 1st day of every odd-numbered month, or the closest day after that I'm > available to. Somebody remind me for January first. It doesn't seem like this is happening as for example Arfrever has been waiting processing for multiple months. I am reopening this bug for infra to reconsider. https://bugs.gentoo.org/show_bug.cgi?id=246793
(In reply to comment #10) > (In reply to comment #9) > > backlog processed now. > > > > Barring any major issues, I'm going to try to run the retirement process on the > > 1st day of every odd-numbered month, or the closest day after that I'm > > available to. Somebody remind me for January first. > > It doesn't seem like this is happening as for example Arfrever has been waiting > processing for multiple months. I am reopening this bug for infra to > reconsider. > > https://bugs.gentoo.org/show_bug.cgi?id=246793 I will be the undertaker liaison for infra. I did my first two retirements today (cbrannon and arfrever.) I will clean the queue by end of month (October.) The process is still quite haphazard and doing it properly still requires root on basically everything; it really isn't kosher for us to hand that out. That being said! I think we can likely improve the well-scripted parts and give them to undertakers. I think that is a fine goal. Lets not make perfect the enemy of the good. -A
retirement team: please nominate one or two people, possible the team lead to have power to trigger retirements for developers.
(In reply to Robin Johnson from comment #12) > retirement team: > please nominate one or two people, possible the team lead to have power to > trigger retirements for developers. We do have now two leads. Can we proceed?
