Inactive packagers SOP

This document outlines procedures for processing inactive package maintainers. FESCo approved a policy for removing inactive packagers. In concert with the Provenpackager policy, this policy is intended to reduce the risk of account compromise for inactive packagers.

Timing/trigger

This process occurs once per release. The initial list of inactive packagers is created a week before Beta freeze. Removal of inactive packagers happens a week after the final release.

We wait until after the final release to prevent orphaning packages near/during a freeze, which could be very unpleasant.

Procedures

Both parts of the process require the find-inactive-packagers script. By default, it will open issues in the find-inactive-packagers repo.

Build list of inactive packagers

  1. Generate a Kerberos ticket with fkinit -u <YOUR FEDORA ACCOUNT ID>

  2. Set your Pagure API key with export PAGURE_API_KEY=<YOUR_API_KEY>

  3. Run python3 find_inactive_packagers.py --privacy step-one --open-tickets. This opens Pagure tickets for each packager. It also produces an inactive_packagers.csv file listing the inactive packagers it found.

  4. Send a list of inactive packagers to devel-announce. See the template below.

  5. (optional) Run python3 find-inactive-packagers.py check-impact. This will generate a list of packages that will be orphaned. This uses open tickets. It does not perform an additional check. You can re-run it several times between steps 1 and 2 in order to keep an updated list.

In accordance with FESCo's Inactive Packager Policy[1], packagers that have been identified as inactive have a ticket in the find-inactive-packagers repo[2]. One week after the final release, packagers who remain inactive will be removed from the packager group. (Note that pagure.io is one of the systems checked for activity, so commenting on your ticket that you're still around will prevent you from showing up in the second round.)

If you have suggestions for improvement, look for the open feature issues[3] and file an issue in the find-inactive-packagers repo[4] if it's not there already.

For the curious, here are the stats from today's run:

<INSERT STATS FROM SCRIPT>

[1] https://docs.fedoraproject.org/en-US/fesco/Policy_for_inactive_packagers/
[2] https://pagure.io/find-inactive-packagers/issues?tags=inactive_packager&status=Open
[3] https://pagure.io/find-inactive-packagers/issues?tags=feature
[4] https://pagure.io/find-inactive-packagers/new_issue

Managing responses

If the packager replies that they would like to keep packager status, close the ticket as "Keep packager status".

If the packager replies that they are okay with dropping their packager status, add the asked_removal tag, but do not close the ticket.

Request removal of inactive packagers

  1. Run python3 find-inactive-packagers.py step-two --close-tickets. This generates a still_inactive.csv file and closes active tickets appropriately.

  2. Open a Fedora Infrastructure ticket to remove inactive packagers.