Description
Teodora stepping down as maintainer got me thinking that we should clean up the maintainers list periodically:
- I think both docs/MAINTAINERS.txt and especially the actual permissions lists (so GitHub project, PyPI, etc.) should only list the maintainers who are actively using the elevated powers (so approving and merging PRs, creating releases, configuring services).
- This is basic security posture: anyone's account can be compromised, so fewer elevated permissions leads to fewer project compromises.
- All services should have > 2 active maintainers to minimize bus factor (and prevent the project from being locked out of critical services by accident).
Maybe a clearly separate "Emeritus maintainers" section in docs/MAINTAINERS.txt would be nice and would make moving psychologically easier? I would suggest a rough rule: if you've not used elevated permissions in the past year or don't plan to use them during the next year, you might be an Emeritus Maintainer.
As an additional thing: it's not easy to check if the actual permissions are appropriate (as an example, I don't think I can see who even has GitHub maintainer status), so maybe we should make a yearly issue to manually check them?
2022-01-24 situation looks like this:
- docs/MAINTAINERS.txt: @awwad, @mnm678, @trishankatdatadog, @lukpueh, @SantiagoTorres, @joshuagl, @jku, @sechkova (+@JustinCappos as consensus builder)
- github: ???
- PyPI: @jku, @joshuagl, @JustinCappos, @lukpueh, @SantiagoTorres
- ReadTheDocs: @jku, @sechkova, @joshuagl
- coveralls: ???
Teodora has already said she's moving to other things, but how about others? E.g. @awwad, @SantiagoTorres, any objections to becoming emeritus maintainers?
@lukpueh, would you mind filling in the question marks on the list? Also, would you like to make an account at readthedocs.org and let me know the account name so I can add you as maintainer?