[Pulp-dev] Requiring 2FA in Github

David Davis daviddavis at redhat.com
Wed Aug 1 19:00:28 UTC 2018 

+1 to opening a PUP. Seems like that’s the best way to document the policy.
I will start working on this.

David


On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse <bbouters at redhat.com> wrote:

> +1 to requiring it. I also already have it enabled. Would it be possible
> to either (a) turn this into a short pup and call for a vote or (b) add a
> date to close this email thread decision by?
>
> Let me know if I should help write/review any.
>
> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko <ttereshc at redhat.com
> > wrote:
>
>> +1, enabled.
>>
>> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban <dkliban at redhat.com>
>> wrote:
>>
>>> +1, but I already have it enabled.
>>>
>>> On Thu, Jul 26, 2018 at 3:53 PM, David Davis <daviddavis at redhat.com>
>>> wrote:
>>>
>>>> I got a notification from another organization I am a member of on
>>>> Github[0] that they are going to require Two Factor Authentication[1] in
>>>> response to recent news about some malicious code being shipped in a
>>>> compromised npm package[2].
>>>>
>>>> We are vulnerable to having malicious code deployed to PyPI if one of
>>>> our Github accounts is compromised. Thus, I wonder if we should also
>>>> require that people with a commit bit have Two Factor Authentication
>>>> enabled.
>>>>
>>>> Thoughts?
>>>>
>>>> [0]
>>>> https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404
>>>> [1]
>>>> https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/
>>>> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/
>>>>
>>>> David
>>>>
>>>> _______________________________________________
>>>> Pulp-dev mailing list
>>>> Pulp-dev at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Pulp-dev mailing list
>>> Pulp-dev at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>>>
>>
>> _______________________________________________
>> Pulp-dev mailing list
>> Pulp-dev at redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20180801/bd87f3f0/attachment.htm>

More information about the Pulp-dev mailing list