Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#26617 closed task (fixed)

Deactivate email forwarding and LDAP for linda@

Reported by: ewyatt Owned by: tpa
Priority: High Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords:
Cc: arma@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



Please deactivate email forwarding and LDAP access for Linda@torproject.org.  She is no longer an employee, the CC has confirmed she resigned, she has been inactive for more than 6 months, and she has been notified of this change. Thank you.

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIzBAEBCgAdFiEENecqn2ZVRfkstmYkugyUAPgPkc4FAls6b4QACgkQugyUAPgP
kc6aNQ/7BZdUszLvgCw1ZUVXoKG+i5he5BnP+5U0NgjwWjG/7/jcucVvcjEyH+sd
68EFp2SRl331NH00E9EdUHqAzKBIihsMvhdLLijDfNNyyxsBdE8Uow+GRZ67QLHv
iPYeZ2YKRyNQ5JMnZzEtVMAn7BUDZHMUlHD0lbTrPEYF4HxB+eOEMNb6xnnKcUWz
9dKrQsSvN1FY3sKknwWJCt8noC3o7oS2+UafLPaySq8VyM71xyBqBHqTb8XZNUjK
ohcpAq48uLoTFkKIJHJUm254FZWzKXzH70c023qawFzcoayynrrIr5UsF9Sumw5k
ielXRzjsq2Oqq9q5yXto0yuRdvxvrAPpDEuwRd5uIaVZQ/u0Cotu7mi0GrowJ/jF
5URtrn6AWMHortbXnNOGMJLLaq75wJxW16iML5xuYQllBuBize09qEU5aeO1/Drv
ObJFgzMS+gIJcK5BDjF1E2lFaCHQuTkW8tBM5dOcCjkqlNDThnQqn2LBjV+LQx1H
ByBZqS3bO1vUr2r2zxUo664f+AixwUrWgFIyLAxqIE9Q2E6JUeAkyeAnLjzqq49K
Onbq021RhD1HA+jAjUeB/Aa8Z6S6Qg9JvKCJIe47SwkboAvZRo1+lgUDEX5de0cv
AzGI0J7tx3/4qpCpjlg6yrhlN4BYduHglmnFU9LFwPYa9IXICVs=
=TcZJ
-----END PGP SIGNATURE-----

Child Tickets

Change History (4)

comment:1 Changed 2 years ago by arma

Yes please!

(We don't have an explicit policy yet on who and whether we need to ack requests to disable ldap accounts too, so I am acking this one to be sure.)

comment:2 in reply to:  1 Changed 2 years ago by arma

Replying to arma:

(We don't have an explicit policy yet on who and whether we need to ack requests to disable ldap accounts too, so I am acking this one to be sure.)

I put a simple policy at https://help.torproject.org/tsa/doc/accounts/#retiring-account so we have something to start from.

comment:3 Changed 2 years ago by weasel

Resolution: fixed
Status: newclosed

Account locked (set to retired).

Whenever we retire accounts email will, by default, continue to work for half a year.

Please consider this when filing these requests in the future and let me know if we really need to kill email forwarding immediately in this case here.

comment:4 Changed 2 years ago by arma

Ok, I talked to weasel more, and apparently we have two main options for disabling ldap accounts, using the infrastructure that we inherited from Debian:

  • Setting the account to "retiring", which disables their access to Tor hosts and git things, and makes email work for 186 more days and then automatically stop.
  • Setting the account to "inactive", which disables everything right then.

I asked him to set the linda account to inactive, since that's what we told her we're doing. And in the future, unless there's actually an "oh shit we need to disable that email address right now" reason, we should prefer asking to set people to "retiring" and then they get a 'soft exit' on the email address.

Note: See TracTickets for help on using tickets.