Process of inactive user removal.

[Carreau]

We've been auditing the various orgs on the security side.

We have a large number of users who did not have any activity on any of the jupyter orgs for the past at least year (GitHub does not report anything past 365 days).

For privacy reasons I do not want to publish this list publicly, but the issue with this list of users will be backlinked here and visible if you have access.

I do not want to just "remove" all these users as "inactive" in Github sens may not mean "uninvolved" in the project. Though I'm not sure how to either:

• ping those users
• have other orgs member review the list.

Without making this list public.

I thus seek the EC advice; worse case I suppose we can remove all these users (we have a list of which orgs they belonged to) and readd them later.

[jasongrout]

Would you send an email to the SSC and EC private email lists with a link to the issue with this list of users? I think managing contributor access is usually a subproject matter, but a cross-project cleanup like this I think rises to the level of SSC/EC involvement, so thanks for flagging it.

[Carreau]

Email sent. I've mentioned an arbitrary timeline to end of January at which point I will remove any users for whom I did not receive any reasons to be keept.