I don't agree that it's just a matter of trusting committers to keep
their accounts secure. It's also the project's responsibility to keep
the project's repositories secure, and I think it's a matter of
routine security.

An inactive committer may not think to change their ASF credentials in
the case of laptop theft, or some other exposure. And, what about in
the case of death (it happens)... should those credentials have
indefinite access? However, since it should only be done as a security
precaution for inactive users (if at all), I don't think it's a matter
of requesting write-access again... it's really a matter of demanding
it. Asking is polite, but the expectation should be that it be
re-enabled, as a requirement... since it was only done as a matter of
routine security, and not because that committer's privileges are in

I don't have a strong opinion that we enact such a policy for inactive
committers, but if we do, I think it has merits beyond trusting
individuals with keeping their personal credentials secure.

Also FYI, "concensus" spelled correctly is "consensus".

Christopher L Tubbs II
On Tue, Feb 18, 2014 at 5:08 PM, Josh Elser <[EMAIL PROTECTED]> wrote:

NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB