Increased deactivation threshold to 180 days
What does this MR do?
Fixes #34692 (closed)
This MR extends the deactivation threshold introduced in 12.4 in !17037 (merged), #22257 (closed).
The need for this change was discussed at the E-Group Meeting on 2019-10-22 and discussed further on Slack. Stakeholders in GitLab are concerned that we don't understand the business implications of this change well enough to include this approach in our first iteration. There's a chance that the release of this feature could spur deactivations at scale, and since we haven't released a feature like this before - we can't accurately assert what impact this change will have.
Instead, our plan is to extend the deactivation threshold to a horizon that we feel is low-risk, take time to better understand the effects of this change, and then lower the threshold in the future when we understand the impact.
Since this MR reduces an unknown risk to GitLab's bottom line, we should consider this high priority and consider it for merging into the next patch release.
We've also merged in a handbook change to reduce the risk of this happening in the future: gitlab-com/www-gitlab-com!32994 (merged)
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation created/updated or follow-up review issue created -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team