retire karsten's accesses
Since Karsten passed away, it is with a deep sadness in our hearts that we should start revoking his accesses inside the organisation.
The process for this is documented in retire-a-user, although we should probably clarify what happens to his emails... Obviously, we haven't handled such a situation before (as far as I know), so we should be extra careful as to what we do with everything.
Those are the services that need to be checked:
- Big Blue Button: done, user has no access
- blog (blocked, removed him from the blogger and admin groups, but kept the account)
- bridges.tpo: no idea
- btcpayserver: @hiro? i have no access
- CiviCRM: i have no access
email: karsten was a member of the
tor-archive-group@aliases and was removed,
kanerremain on the former,
dcfremain on the latter, see also the
- GitLab: done, user is blocked
- Gitolite/git-rw: @ahf @hiro
- IRC: not using the irc bouncer, but part of the @tor-tpomember group and possibly more. @arma can you remove him from those irc groups?
- jenkins: @weasel ?
- LDAP: any TPA admin can revoke karsten's accesses, not sure when to do this or what to do with his email address...
- nagios: removed his contact, need to find someone else to receive problem notifications for collector
- Nextcloud: done, account disabled
- survey (revoked his accesses, but kept the account in case removing it would break surveys)
- SVN: no access
- translation: done, no access
WKD: removed his key from our OpenPGP keyring (crossing fingers here: hopefully that won't have a negative impact - this can easily be canceled by reverting commit 3b7bc44 in the
Additional TODO items, maybe out of scope?
- globe is actually in use on staticiforme: /srv/globe-master.torproject.org is owned by the group. should those files be deleted?
- check for files owned by karsten across the infra
- check for crontabs owned by karsten everywhere (with actual lines! e.g. colchicifolium had an empty one)
- decide what to do with torextratpo (no change since 2018)?
- iwakeh and nima are now only part of the "torproject" group, should their accesses be completely revoked?
users removed from groups need to be checked across the accessible servers, karsten's files need to be checked separately (above) everywhere:
- check.tpo: cleared files owned by arlo and phw, no other files found
- collector: cleared dot files, gave what seemed to be important files in /home/iwakeh to arlo
- exonerator: cleared mostly dot files from iwakeh
- metrics: iwakeh
- onionoo: iwakeh
- torarchive: boklm
- tordnsel: phw
- torextratpa: nima
- tormedia: nima