Email cleanup tracking

[Trott]

• Audit admin/accounts/build email addresses
• The ci email address goes solely to @joaocgreis. It would be good to find out what it's for, whether it gets any email, and who else might be added to it.
• Audit ci-alert email address
• The build-security address has @mmarchini and two other people who are (AFAIK) not active (@maclover7 and @gibfahn). It would be good to find out what it's for, whether it gets any email, and who else might be added to it.
• The security-ecosystem address goes to HackerOne. I don't believe it is taking any more reports. We should probably remove that email address? Or set up an auto-reply? Or maybe HackerOne sends a decent auto-reply?
• The user-feedback email address is likely unused?
• Are we still doing CrowdIn and the nodejs-crowdin email address? If so, are @zeke and @obensource still the right people for that email address? Are there others?
• Audit i18n similar to nodejs-crowdin .
• Audit github-bot. It's mostly inactive people. Is the email address used?
• The node-slack-bot address goes to one (inactive?) person (@gdams). Does it get any email? Would it make sense to add some other folks?
• The website-redesign email doesn't seem to have the current and active website-redesign people? Is that email even necessary? Seems like the GitHub team is sufficient.
• Audit zoom-nodejs. (Seems like a somewhat weird mix of people. Who is on there and why? What is the purpose of the email address?)

Originally posted by @Trott in #181 (comment)

[richardlau]

• The ci email address goes solely to @joaocgreis. It would be good to find out what it's for, whether it gets any email, and who else might be added to it.

It's linked to https://github.com/nodejs-ci and is used by our Jenkins CI to authenticate to GitHub, including accessing the private repos. It got one mail when I invited it to the private libuv org/repo in May last year (Joao followed up with me).

For completeness, the build email is linked to https://github.com/node-forward-build. I don't have the history as to why we have two GitHub accounts associated with the build WG. Details for both of the accounts are in the build secrets repo under build/infra.

[mhdawson]

I believe we can also remove crypto-report

[mhdawson]

Audit zoom-nodejs. (Seems like a somewhat weird mix of people. Who is on there and why? What is the purpose of the email address?)

Anybody who hosts zoom calls using the Node.js account should be on this list. Needed to get authentication tokens that are sometimes needed.

[UlisesGascon]

The security-ecosystem address goes to HackerOne. I don't believe it is taking any more reports. We should probably remove that email address? Or set up an auto-reply? Or maybe HackerOne sends a decent auto-reply?

Are we clear on this, @RafaelGSS ? Should we include it to the next meeting?

[RafaelGSS]

Yes, we should probably remove that email address.

[mmarchini]

The build-security address has @mmarchini and two other people who are (AFAIK) not active (@maclover7 and @gibfahn). It would be good to find out what it's for, whether it gets any email, and who else might be added to it.

No idea what that was for, didn't know it existed. Also seems like it was removed so you can check that as done: e8e43b2