email icon indicating copy to clipboard operation
email copied to clipboard
verified publisher icon nodejs

Email cleanup tracking

Open Trott opened this issue 3 years ago • 6 comments

  • [ ] Audit admin/accounts/build email addresses
  • [ ] The ci email address goes solely to @joaocgreis. It would be good to find out what it's for, whether it gets any email, and who else might be added to it.
  • [ ] Audit ci-alert email address
  • [x] The build-security address has @mmarchini and two other people who are (AFAIK) not active (@maclover7 and @gibfahn). It would be good to find out what it's for, whether it gets any email, and who else might be added to it.
  • [ ] The security-ecosystem address goes to HackerOne. I don't believe it is taking any more reports. We should probably remove that email address? Or set up an auto-reply? Or maybe HackerOne sends a decent auto-reply?
  • [x] The user-feedback email address is likely unused?
  • [ ] Are we still doing CrowdIn and the nodejs-crowdin email address? If so, are @zeke and @obensource still the right people for that email address? Are there others?
  • [ ] Audit i18n similar to nodejs-crowdin .
  • [ ] Audit github-bot. It's mostly inactive people. Is the email address used?
  • [ ] The node-slack-bot address goes to one (inactive?) person (@gdams). Does it get any email? Would it make sense to add some other folks?
  • [ ] The website-redesign email doesn't seem to have the current and active website-redesign people? Is that email even necessary? Seems like the GitHub team is sufficient.
  • [ ] Audit zoom-nodejs. (Seems like a somewhat weird mix of people. Who is on there and why? What is the purpose of the email address?)

Originally posted by @Trott in https://github.com/nodejs/email/issues/181#issuecomment-1048829855

Trott avatar Feb 23 '22 14:02 Trott

  • [ ] The ci email address goes solely to @joaocgreis. It would be good to find out what it's for, whether it gets any email, and who else might be added to it.

It's linked to https://github.com/nodejs-ci and is used by our Jenkins CI to authenticate to GitHub, including accessing the private repos. It got one mail when I invited it to the private libuv org/repo in May last year (Joao followed up with me).

For completeness, the build email is linked to https://github.com/node-forward-build. I don't have the history as to why we have two GitHub accounts associated with the build WG. Details for both of the accounts are in the build secrets repo under build/infra.

richardlau avatar Feb 23 '22 14:02 richardlau

I believe we can also remove crypto-report

mhdawson avatar Feb 23 '22 19:02 mhdawson

Audit zoom-nodejs. (Seems like a somewhat weird mix of people. Who is on there and why? What is the purpose of the email address?)

Anybody who hosts zoom calls using the Node.js account should be on this list. Needed to get authentication tokens that are sometimes needed.

mhdawson avatar Feb 23 '22 19:02 mhdawson

The security-ecosystem address goes to HackerOne. I don't believe it is taking any more reports. We should probably remove that email address? Or set up an auto-reply? Or maybe HackerOne sends a decent auto-reply?

Are we clear on this, @RafaelGSS ? Should we include it to the next meeting?

UlisesGascon avatar Mar 25 '23 14:03 UlisesGascon

Yes, we should probably remove that email address.

RafaelGSS avatar Mar 25 '23 18:03 RafaelGSS

The build-security address has @mmarchini and two other people who are (AFAIK) not active (@maclover7 and @gibfahn). It would be good to find out what it's for, whether it gets any email, and who else might be added to it.

No idea what that was for, didn't know it existed. Also seems like it was removed so you can check that as done: https://github.com/nodejs/email/commit/e8e43b2785e6cc8bd63689547deb6f92d3dc1135

mmarchini avatar Jun 18 '23 18:06 mmarchini