[Pulp-dev] Requiring 2FA in Github
Dennis Kliban
dkliban at redhat.com
Thu Aug 16 13:08:55 UTC 2018
+1
On Wed, Aug 15, 2018 at 4:06 PM, Brian Bouterse <bbouters at redhat.com> wrote:
> +1
>
> tiny grammar fix on the PR requested. Thank you for organizing this!
>
> On Wed, Aug 15, 2018 at 2:10 PM, David Davis <daviddavis at redhat.com>
> wrote:
>
>> Thanks everyone for the feedback. I have opened a PR for PUP-7 which (if
>> approved) will require 2FA for the Pulp organization in Github:
>>
>> https://github.com/pulp/pups/pull/14
>>
>> Feedback welcome. Also, I'd like to call for a vote by August 27, 2018.
>> Per PUP-1[0], are the voting options:
>>
>> +1: "Will benefit the project and should definitely be adopted."
>> +0: "Might benefit the project and is acceptable."
>> -0: "Might not be the right choice but is acceptable."
>> -1: "I have serious reservations that need to be thought through and
>> addressed."
>>
>> [0] https://github.com/pulp/pups/blob/master/pup-0001.md
>>
>> David
>>
>>
>> On Wed, Aug 1, 2018 at 3:00 PM David Davis <daviddavis at redhat.com> wrote:
>>
>>> +1 to opening a PUP. Seems like that’s the best way to document the
>>> policy. I will start working on this.
>>>
>>> David
>>>
>>>
>>> On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse <bbouters at redhat.com>
>>> wrote:
>>>
>>>> +1 to requiring it. I also already have it enabled. Would it be
>>>> possible to either (a) turn this into a short pup and call for a vote or
>>>> (b) add a date to close this email thread decision by?
>>>>
>>>> Let me know if I should help write/review any.
>>>>
>>>> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko <
>>>> ttereshc at redhat.com> wrote:
>>>>
>>>>> +1, enabled.
>>>>>
>>>>> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban <dkliban at redhat.com>
>>>>> wrote:
>>>>>
>>>>>> +1, but I already have it enabled.
>>>>>>
>>>>>> On Thu, Jul 26, 2018 at 3:53 PM, David Davis <daviddavis at redhat.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I got a notification from another organization I am a member of on
>>>>>>> Github[0] that they are going to require Two Factor Authentication[1] in
>>>>>>> response to recent news about some malicious code being shipped in a
>>>>>>> compromised npm package[2].
>>>>>>>
>>>>>>> We are vulnerable to having malicious code deployed to PyPI if one
>>>>>>> of our Github accounts is compromised. Thus, I wonder if we should also
>>>>>>> require that people with a commit bit have Two Factor Authentication
>>>>>>> enabled.
>>>>>>>
>>>>>>> Thoughts?
>>>>>>>
>>>>>>> [0] https://community.theforeman.org/t/require-2fa-for-
>>>>>>> github-organization-members/10404
>>>>>>> [1] https://help.github.com/articles/requiring-two-factor-au
>>>>>>> thentication-in-your-organization/
>>>>>>> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/
>>>>>>>
>>>>>>> David
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Pulp-dev mailing list
>>>>>>> Pulp-dev at redhat.com
>>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Pulp-dev mailing list
>>>>>> Pulp-dev at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Pulp-dev mailing list
>>>>> Pulp-dev at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>>>
>>>>>
>>>>
>
> _______________________________________________
> Pulp-dev mailing list
> Pulp-dev at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20180816/59ae11ca/attachment.htm>
More information about the Pulp-dev
mailing list