🔒 #Python #security news:

We're going to start disabling the commit bit (aka write access) to the #CPython repo for inactive core team members.

https://discuss.python.org/t/regularly-disabling-unused-commit-access-to-the-cpython-repo/105010

I proposed this after a security discussion at last year's #LanguageSummit:

https://pyfound.blogspot.com/2024/06/python-language-summit-2024-python-security-model-after-xz.html

Disabling the commit bit has no impact on core team status, nor Steering Council voting status, and you can easily ask for it back again.

Regularly disabling unused commit access to the cpython repo

Howdy committers - The Python Steering Council (PSC) has had an open issue based on discussions last year to improve our project’s security posture. We’re going to move forward with disabling GitHub commit privileges for inactive core team members. This has no impact on “core team” or “Python Steering Council (PSC) voting” status. It is merely a good security practice to not leave unused credentials laying around. Seth (Security Developer-in-Residence) lays out the rationale here. How do we...

Discussions on Python.org