Describe memorialization procedure

python · ambv · Feb 19, 2025 · Feb 18, 2025 · Feb 18, 2025 · Feb 18, 2025
commit 481e1f03b540c1dd6d43e654b6ba32fd0f246303
diff --git a/core-developers/index.rst b/core-developers/index.rst
@@ -13,3 +13,4 @@ Core developers
   developer-log
   motivations
   become-core-developer
+   memorialization
diff --git a/core-developers/memorialization.rst b/core-developers/memorialization.rst
@@ -0,0 +1,132 @@
+.. _memorialize-core-developer:
+
+===============
+Memorialization
+===============
+
+Rationale
+=========
+
+When a core developer passes away, memorializing accounts helps create
+a space for remembering the contributor and protects against attempted
+logins and fraudulent activity.
+
+The process
+===========
+
+The memorialization process is performed by a member of the PSF staff
+with administrative access to current and historical systems where
+core developers have access.
+
+After the status of the core developer in question is confirmed,
+access to the systems listed below is revoked and some changes are
+made to how the user displays to others.
+
+To respect the choices that someone made while alive, we aim to preserve
+content of their accounts without changes after they've passed away.
+To support the bereaved, in some instances, we may remove or change
+certain content when the legacy contact or family members request it.
+
+GitHub
+------
+
+* The user is removed from the `python/ <https://github.com/orgs/python/>`_
+  organization on GitHub;
+* The user is removed from the `psf/ <https://github.com/orgs/psf/>`_
+  organization on GitHub;
+* The user is removed from the `pypa/ <https://github.com/orgs/pypa/>`_
+  organization on GitHub.
+
+The PSF staff does not follow up with GitHub with regards to GitHub account
+cancellation as this action is reserved for next-of-kin or designated by
+the deceased GitHub user to act as an account successor.
+
+The general policy regarding deceased users on GitHub is described
+`here <https://docs.github.com/en/site-policy/other-site-policies/github-deceased-user-policy>`_.
+
+CPython repository
+------------------
+
+* The user's GitHub handle is removed from ``/.github/CODE_OWNERS``.
+* The user is marked as deceased in the private
+  `voters/python-core.toml <https://github.com/python/voters/blob/main/python-core.toml>`_
+  file with the ``left=`` field set to the day of passing, if known.
+
+discuss.python.org
+------------------
+
+* The user's "custom status" is set to 🕊 ``in memoriam``;
+* The user's "about me" is amended with ``$firstname passed away on $date. [In memoriam.]($in_memoriam_post_url)``;
+* In the user's security "recently used devices" the staff member chooses "Log out all";
+* In the user's permissions the staff member chooses "Deactivate account";
+* The user's trust level is reset to ``1: basic user`` (trust level 0 doesn't allow links in "About Me");
+* The user's "associated accounts" (like GitHub) that provide an alternative
+  login method, are all disconnected;
+* The user's API keys are revoked;
+* The user's admin or moderator right is revoked;
+* The user's primary email address is reset to ``username@in-memoriam.invalid`` and
+  secondary email addresses are removed (this step requires the administrator
+  to contact Discourse.org staff via ``team@discourse.org``)
+
+The "in memoriam" Discourse topic mentioned above is best created by
+a community member close to the deceased.
+
+The general best practice for deceased community members on
+Discourse-powered forums is described `here <https://meta.discourse.org/t/best-practices-for-deceased-community-members/146210>`_.
+
+python.org email account
+------------------------
+
+The PSF staff member emails ``postmaster@python.org`` to ask the email
+administrator to:
+
+* remove SMTP access from ``USERNAME@python.org``;
+* reset the password to POP3/IMAP for ``USERNAME@python.org``;
+* disable email forwarding, if set up, for ``USERNAME@python.org``;
+* remove this email from all mailing lists under ``@python.org``;
+* remove any known alternate emails for the same user from all mailing lists
+  under ``@python.org``.
+
+python.org admin
+----------------
+
+* The user's account (``/admin/users/user``) is deactivated (NOT deleted)
+  and their staff and superuser status is unchecked;
+* The user's password is reset to a long random string;
+* The user's primary email address is set to ``USERNAME@in-memoriam.invalid``
+  and set as unverified;
+* The user's secondary email addresses are deleted;
+* The user's API keys (both on the account and ``tastypie``) are deleted;
+* The user's "I would like to be a PSF Voting Member" field is cleared.
+
+devguide.python.org
+-------------------
+
+* The user is marked as deceased in `developers.csv <https://github.com/python/devguide/blob/main/core-developers/developers.csv>`_;
+* The user is removed from the `Experts Index <https://github.com/python/devguide/blob/main/core-developers/experts.rst>`_.
+
+bugs.python.org
+---------------
+
+While the issue tracker was migrated to GitHub, the Roundup instance
+is still up for historical purposes.
+
+* the PSF staff member logs into ``bugs.nyc1.psf.io``;
+* the PSF staff member runs ``roundup-admin`` to set the user's email
+  address to ``USERNAME@in-memoriam.invalid``;
+* the user's alternate emails are removed;
+* the user's password is reset to a long random string;
+* the PSF staff member removes any active login sessions from Postgres.
+
+SSH server access
+-----------------
+
+* The user is removed from Salt configuration for the PSF infrastructure
+  in `/pillar/base/users <https://github.com/python/psf-salt/tree/main/pillar/base/users>`_.
+
+PyPI
+----
+
+* The PSF staff member notifies PyPI admins to mark the user as inactive,
+  remove their email addresses, prohibit their password resets, and
+  revoke all API keys.