{"ancestors":[{"id":"111805763060720418","created_at":"2024-01-23T14:35:54.518Z","in_reply_to_id":null,"in_reply_to_account_id":null,"sensitive":false,"spoiler_text":"","visibility":"public","language":"en","uri":"https://fosstodon.org/users/sethmlarson/statuses/111805763060720418","url":"https://fosstodon.org/@sethmlarson/111805763060720418","replies_count":2,"reblogs_count":11,"favourites_count":25,"quotes_count":0,"edited_at":"2024-01-23T14:42:45.909Z","content":"\u003cp\u003eI wrote some guidance on a tough topic, removing an inactive maintainer from an \u003ca href=\"https://fosstodon.org/tags/opensource\" class=\"mention hashtag\" rel=\"tag\"\u003e#\u003cspan\u003eopensource\u003c/span\u003e\u003c/a\u003e project:\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/removing-maintainers-from-open-source-projects\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"ellipsis\"\u003esethmlarson.dev/removing-maint\u003c/span\u003e\u003cspan class=\"invisible\"\u003eainers-from-open-source-projects\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e","reblog":null,"application":null,"account":{"id":"108194144469322922","username":"sethmlarson","acct":"sethmlarson","display_name":"Seth Larson","locked":false,"bot":false,"discoverable":true,"indexable":true,"group":false,"created_at":"2022-04-25T00:00:00.000Z","note":"\u003cp\u003e:python: Security, Fellow \u003cspan class=\"h-card\" translate=\"no\"\u003e\u003ca href=\"https://fosstodon.org/@ThePSF\" class=\"u-url mention\"\u003e@\u003cspan\u003eThePSF\u003c/span\u003e\u003c/a\u003e\u003c/span\u003e 🐍 Trans rights, BLM, Minnesoootan, he/him\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://sethmlarson.dev\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"\"\u003esethmlarson.dev\u003c/span\u003e\u003cspan class=\"invisible\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e","url":"https://fosstodon.org/@sethmlarson","uri":"https://fosstodon.org/users/sethmlarson","avatar":"https://cdn.fosstodon.org/accounts/avatars/108/194/144/469/322/922/original/a6a100f57fc6dca7.jpeg","avatar_static":"https://cdn.fosstodon.org/accounts/avatars/108/194/144/469/322/922/original/a6a100f57fc6dca7.jpeg","header":"https://cdn.fosstodon.org/accounts/headers/108/194/144/469/322/922/original/b0d85548eaf84a5d.jpeg","header_static":"https://cdn.fosstodon.org/accounts/headers/108/194/144/469/322/922/original/b0d85548eaf84a5d.jpeg","followers_count":93,"following_count":376,"statuses_count":3366,"last_status_at":"2025-06-04","hide_collections":false,"noindex":false,"moved":{"id":"114626482649101204","username":"sethmlarson","acct":"sethmlarson@mastodon.social","display_name":"Seth Larson","locked":false,"bot":false,"discoverable":true,"indexable":true,"group":false,"created_at":"2025-06-04T00:00:00.000Z","note":"\u003cp\u003eSecurity and Fellow at the Python Software Foundation 🐍 Trans rights, BLM, Minnesoootan, retro gaming, he/him\u2029\u2029\u003c/p\u003e\u003cp\u003eBlog: \u003ca href=\"https://sethmlarson.dev\" rel=\"nofollow noopener\" translate=\"no\" target=\"_blank\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"\"\u003esethmlarson.dev\u003c/span\u003e\u003cspan class=\"invisible\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e","url":"https://mastodon.social/@sethmlarson","uri":"https://mastodon.social/users/sethmlarson","avatar":"https://cdn.fosstodon.org/cache/accounts/avatars/114/626/482/649/101/204/original/5eb8fd6cdfb856e6.jpg","avatar_static":"https://cdn.fosstodon.org/cache/accounts/avatars/114/626/482/649/101/204/original/5eb8fd6cdfb856e6.jpg","header":"https://cdn.fosstodon.org/cache/accounts/headers/114/626/482/649/101/204/original/5bc9e450dc863546.png","header_static":"https://cdn.fosstodon.org/cache/accounts/headers/114/626/482/649/101/204/original/5bc9e450dc863546.png","followers_count":1943,"following_count":410,"statuses_count":1019,"last_status_at":"2026-04-19","hide_collections":true,"emojis":[],"fields":[{"name":"Blog","value":"\u003ca href=\"https://sethmlarson.dev\" rel=\"nofollow noopener\" translate=\"no\" target=\"_blank\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"\"\u003esethmlarson.dev\u003c/span\u003e\u003cspan class=\"invisible\"\u003e\u003c/span\u003e\u003c/a\u003e","verified_at":null},{"name":"Signal","value":"sethmlarson.99","verified_at":null}]},"emojis":[{"shortcode":"python","url":"https://cdn.fosstodon.org/custom_emojis/images/000/025/124/original/7e1fe81995650028.png","static_url":"https://cdn.fosstodon.org/custom_emojis/images/000/025/124/static/7e1fe81995650028.png","visible_in_picker":true},{"shortcode":"indieweb","url":"https://cdn.fosstodon.org/custom_emojis/images/000/131/320/original/b6bd5dd32a014444.png","static_url":"https://cdn.fosstodon.org/custom_emojis/images/000/131/320/static/b6bd5dd32a014444.png","visible_in_picker":true},{"shortcode":"signal","url":"https://cdn.fosstodon.org/custom_emojis/images/000/130/941/original/9186fa10e37f9dbf.png","static_url":"https://cdn.fosstodon.org/custom_emojis/images/000/130/941/static/9186fa10e37f9dbf.png","visible_in_picker":true}],"roles":[{"id":"8","name":"Supporter 💰♥️","color":"#4f7a28"}],"fields":[{"name":":indieweb: Blog","value":"\u003ca href=\"https://sethmlarson.dev\" target=\"_blank\" rel=\"nofollow noopener me\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"\"\u003esethmlarson.dev\u003c/span\u003e\u003cspan class=\"invisible\"\u003e\u003c/span\u003e\u003c/a\u003e","verified_at":"2022-11-12T22:30:55.151+00:00"},{"name":":signal: Signal","value":"sethmlarson.99","verified_at":null}]},"media_attachments":[],"mentions":[],"tags":[{"name":"opensource","url":"https://fosstodon.org/tags/opensource"}],"emojis":[],"quote":null,"card":{"url":"https://sethmlarson.dev/removing-maintainers-from-open-source-projects","title":"Removing maintainers from open source projects","description":"Here's a tough but common situation for open source maintainers:\n\n\nYou want a project you co-maintain to be more secure by reducing the attack surface.\nThere are one or more folks in privileged rol...","language":"en","type":"link","author_name":"Seth Michael Larson","author_url":"","provider_name":"Seth Michael Larson","provider_url":"","html":"","width":460,"height":460,"image":null,"image_description":"","embed_url":"","blurhash":"UTEM2hRktQbI~9WVMxfk-poeNKkBx^ofayj[","published_at":null,"authors":[{"name":"Seth Michael Larson","url":"","account":null}]},"poll":null,"quote_approval":{"automatic":[],"manual":[],"current_user":"denied"}},{"id":"111806987018933879","created_at":"2024-01-23T19:47:10.000Z","in_reply_to_id":"111805763060720418","in_reply_to_account_id":"108194144469322922","sensitive":false,"spoiler_text":"","visibility":"public","language":"en","uri":"https://hachyderm.io/users/funnelfiasco/statuses/111806986994576934","url":"https://hachyderm.io/@funnelfiasco/111806986994576934","replies_count":1,"reblogs_count":0,"favourites_count":0,"quotes_count":0,"edited_at":null,"content":"\u003cp\u003e\u003cspan class=\"h-card\" translate=\"no\"\u003e\u003ca href=\"https://fosstodon.org/@sethmlarson\" class=\"u-url mention\" rel=\"nofollow noopener\" target=\"_blank\"\u003e@\u003cspan\u003esethmlarson\u003c/span\u003e\u003c/a\u003e\u003c/span\u003e Fedora has a pretty good policy in place: \u003ca href=\"https://docs.fedoraproject.org/en-US/fesco/Policy_for_inactive_packagers/\" rel=\"nofollow noopener\" translate=\"no\" target=\"_blank\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"ellipsis\"\u003edocs.fedoraproject.org/en-US/f\u003c/span\u003e\u003cspan class=\"invisible\"\u003eesco/Policy_for_inactive_packagers/\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIt's not universally beloved, but it's been well-received enough\u003c/p\u003e","reblog":null,"account":{"id":"109537118747946360","username":"funnelfiasco","acct":"funnelfiasco@hachyderm.io","display_name":"Ben Cotton (he/him)","locked":false,"bot":false,"discoverable":true,"indexable":true,"group":false,"created_at":"2022-12-18T00:00:00.000Z","note":"\u003cp\u003eAuthor of \"Program Management for Open Source Projects\" and all-around opinion haver. Always looking for my next tornado. I get too invested in sports.\u003c/p\u003e","url":"https://hachyderm.io/@funnelfiasco","uri":"https://hachyderm.io/users/funnelfiasco","avatar":"https://cdn.fosstodon.org/cache/accounts/avatars/109/537/118/747/946/360/original/fffa2fab26fa4005.jpg","avatar_static":"https://cdn.fosstodon.org/cache/accounts/avatars/109/537/118/747/946/360/original/fffa2fab26fa4005.jpg","header":"https://fosstodon.org/headers/original/missing.png","header_static":"https://fosstodon.org/headers/original/missing.png","followers_count":996,"following_count":988,"statuses_count":4694,"last_status_at":"2026-04-18","hide_collections":false,"emojis":[],"fields":[{"name":"Website","value":"\u003ca href=\"https://funnelfiasco.com\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"\"\u003efunnelfiasco.com\u003c/span\u003e\u003cspan class=\"invisible\"\u003e\u003c/span\u003e\u003c/a\u003e","verified_at":"2026-04-15T18:12:34.508+00:00"},{"name":"Duck Alignment Academy","value":"\u003ca href=\"https://duckalignment.academy\" rel=\"nofollow noopener\" translate=\"no\" target=\"_blank\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"\"\u003educkalignment.academy\u003c/span\u003e\u003cspan class=\"invisible\"\u003e\u003c/span\u003e\u003c/a\u003e","verified_at":null},{"name":"Bluesky","value":"\u003ca href=\"https://bsky.app/profile/funnelfiasco.bsky.social\" rel=\"nofollow noopener\" translate=\"no\" target=\"_blank\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"ellipsis\"\u003ebsky.app/profile/funnelfiasco.\u003c/span\u003e\u003cspan class=\"invisible\"\u003ebsky.social\u003c/span\u003e\u003c/a\u003e","verified_at":null},{"name":"Gravatar","value":"\u003ca href=\"https://gravatar.com/stormmaster83\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"\"\u003egravatar.com/stormmaster83\u003c/span\u003e\u003cspan class=\"invisible\"\u003e\u003c/span\u003e\u003c/a\u003e","verified_at":"2026-04-15T18:12:35.928+00:00"}]},"media_attachments":[],"mentions":[{"id":"108194144469322922","username":"sethmlarson","url":"https://fosstodon.org/@sethmlarson","acct":"sethmlarson"}],"tags":[],"emojis":[],"quote":null,"card":{"url":"https://docs.fedoraproject.org/en-US/fesco/Policy_for_inactive_packagers/","title":"Inactive packagers policy","description":"Learn more about Fedora Linux, the Fedora Project \u0026 the Fedora Community.","language":"en","type":"link","author_name":"","author_url":"","provider_name":"Fedora Docs","provider_url":"","html":"","width":225,"height":62,"image":null,"image_description":"","embed_url":"","blurhash":"Ul7y0L%%yFtSaeaeWBWBRORjWBWVj?j?j?oJ","published_at":null,"authors":[]},"poll":null,"quote_approval":{"automatic":[],"manual":[],"current_user":"denied"}}],"descendants":[{"id":"111807072343559089","created_at":"2024-01-23T20:08:52.000Z","in_reply_to_id":"111807028286655435","in_reply_to_account_id":"108194144469322922","sensitive":false,"spoiler_text":"","visibility":"public","language":"en","uri":"https://hachyderm.io/users/funnelfiasco/statuses/111807072318198232","url":"https://hachyderm.io/@funnelfiasco/111807072318198232","replies_count":0,"reblogs_count":0,"favourites_count":0,"quotes_count":0,"edited_at":null,"content":"\u003cp\u003e\u003cspan class=\"h-card\" translate=\"no\"\u003e\u003ca href=\"https://fosstodon.org/@sethmlarson\" class=\"u-url mention\" rel=\"nofollow noopener\" target=\"_blank\"\u003e@\u003cspan\u003esethmlarson\u003c/span\u003e\u003c/a\u003e\u003c/span\u003e I have thoughts on \"their own projects\" (if there are people in place to remove them, it's not \"theirs\" anymore)\u003c/p\u003e\u003cp\u003eBut, no, it was not about 2FA. It was \"package maintainers are in a position of trust and we don't want a compromised password for someone who has been inactive for a long time to be a malware vector\". The 2FA exemption was basically a \"even if you're long gone, no one can get in with your account, so whatever\")\u003c/p\u003e","reblog":null,"account":{"id":"109537118747946360","username":"funnelfiasco","acct":"funnelfiasco@hachyderm.io","display_name":"Ben Cotton (he/him)","locked":false,"bot":false,"discoverable":true,"indexable":true,"group":false,"created_at":"2022-12-18T00:00:00.000Z","note":"\u003cp\u003eAuthor of \"Program Management for Open Source Projects\" and all-around opinion haver. Always looking for my next tornado. I get too invested in sports.\u003c/p\u003e","url":"https://hachyderm.io/@funnelfiasco","uri":"https://hachyderm.io/users/funnelfiasco","avatar":"https://cdn.fosstodon.org/cache/accounts/avatars/109/537/118/747/946/360/original/fffa2fab26fa4005.jpg","avatar_static":"https://cdn.fosstodon.org/cache/accounts/avatars/109/537/118/747/946/360/original/fffa2fab26fa4005.jpg","header":"https://fosstodon.org/headers/original/missing.png","header_static":"https://fosstodon.org/headers/original/missing.png","followers_count":996,"following_count":988,"statuses_count":4694,"last_status_at":"2026-04-18","hide_collections":false,"emojis":[],"fields":[{"name":"Website","value":"\u003ca href=\"https://funnelfiasco.com\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"\"\u003efunnelfiasco.com\u003c/span\u003e\u003cspan class=\"invisible\"\u003e\u003c/span\u003e\u003c/a\u003e","verified_at":"2026-04-15T18:12:34.508+00:00"},{"name":"Duck Alignment Academy","value":"\u003ca href=\"https://duckalignment.academy\" rel=\"nofollow noopener\" translate=\"no\" target=\"_blank\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"\"\u003educkalignment.academy\u003c/span\u003e\u003cspan class=\"invisible\"\u003e\u003c/span\u003e\u003c/a\u003e","verified_at":null},{"name":"Bluesky","value":"\u003ca href=\"https://bsky.app/profile/funnelfiasco.bsky.social\" rel=\"nofollow noopener\" translate=\"no\" target=\"_blank\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"ellipsis\"\u003ebsky.app/profile/funnelfiasco.\u003c/span\u003e\u003cspan class=\"invisible\"\u003ebsky.social\u003c/span\u003e\u003c/a\u003e","verified_at":null},{"name":"Gravatar","value":"\u003ca href=\"https://gravatar.com/stormmaster83\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"\"\u003egravatar.com/stormmaster83\u003c/span\u003e\u003cspan class=\"invisible\"\u003e\u003c/span\u003e\u003c/a\u003e","verified_at":"2026-04-15T18:12:35.928+00:00"}]},"media_attachments":[],"mentions":[{"id":"108194144469322922","username":"sethmlarson","url":"https://fosstodon.org/@sethmlarson","acct":"sethmlarson"}],"tags":[],"emojis":[],"quote":null,"card":null,"poll":null,"quote_approval":{"automatic":[],"manual":[],"current_user":"denied"}}]}