[Pulp-dev] Requiring 2FA in Github

David Davis daviddavis at redhat.com
Mon Aug 20 14:08:41 UTC 2018 

There were some questions this morning about how to set up 2FA and use it
with Github. I want to send out this link:

https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/

I’ve added this link to the PUP as well. If you have more questions, feel
free to ask.

David


On Thu, Aug 16, 2018 at 12:33 PM Ina Panova <ipanova at redhat.com> wrote:

> +1
>
>
>
> --------
> Regards,
>
> Ina Panova
> Software Engineer| Pulp| Red Hat Inc.
>
> "Do not go where the path may lead,
>  go instead where there is no path and leave a trail."
>
> On Thu, Aug 16, 2018 at 3:08 PM, Dennis Kliban <dkliban at redhat.com> wrote:
>
>> +1
>>
>> On Wed, Aug 15, 2018 at 4:06 PM, Brian Bouterse <bbouters at redhat.com>
>> wrote:
>>
>>> +1
>>>
>>> tiny grammar fix on the PR requested. Thank you for organizing this!
>>>
>>> On Wed, Aug 15, 2018 at 2:10 PM, David Davis <daviddavis at redhat.com>
>>> wrote:
>>>
>>>> Thanks everyone for the feedback. I have opened a PR for PUP-7 which
>>>> (if approved) will require 2FA for the Pulp organization in Github:
>>>>
>>>> https://github.com/pulp/pups/pull/14
>>>>
>>>> Feedback welcome. Also, I'd like to call for a vote by August 27, 2018.
>>>> Per PUP-1[0], are the voting options:
>>>>
>>>> +1: "Will benefit the project and should definitely be adopted."
>>>> +0: "Might benefit the project and is acceptable."
>>>> -0: "Might not be the right choice but is acceptable."
>>>> -1: "I have serious reservations that need to be thought through and
>>>> addressed."
>>>>
>>>> [0] https://github.com/pulp/pups/blob/master/pup-0001.md
>>>>
>>>> David
>>>>
>>>>
>>>> On Wed, Aug 1, 2018 at 3:00 PM David Davis <daviddavis at redhat.com>
>>>> wrote:
>>>>
>>>>> +1 to opening a PUP. Seems like that’s the best way to document the
>>>>> policy. I will start working on this.
>>>>>
>>>>> David
>>>>>
>>>>>
>>>>> On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse <bbouters at redhat.com>
>>>>> wrote:
>>>>>
>>>>>> +1 to requiring it. I also already have it enabled. Would it be
>>>>>> possible to either (a) turn this into a short pup and call for a vote or
>>>>>> (b) add a date to close this email thread decision by?
>>>>>>
>>>>>> Let me know if I should help write/review any.
>>>>>>
>>>>>> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko <
>>>>>> ttereshc at redhat.com> wrote:
>>>>>>
>>>>>>> +1, enabled.
>>>>>>>
>>>>>>> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban <dkliban at redhat.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> +1, but I already have it enabled.
>>>>>>>>
>>>>>>>> On Thu, Jul 26, 2018 at 3:53 PM, David Davis <daviddavis at redhat.com
>>>>>>>> > wrote:
>>>>>>>>
>>>>>>>>> I got a notification from another organization I am a member of on
>>>>>>>>> Github[0] that they are going to require Two Factor Authentication[1] in
>>>>>>>>> response to recent news about some malicious code being shipped in a
>>>>>>>>> compromised npm package[2].
>>>>>>>>>
>>>>>>>>> We are vulnerable to having malicious code deployed to PyPI if one
>>>>>>>>> of our Github accounts is compromised. Thus, I wonder if we should also
>>>>>>>>> require that people with a commit bit have Two Factor Authentication
>>>>>>>>> enabled.
>>>>>>>>>
>>>>>>>>> Thoughts?
>>>>>>>>>
>>>>>>>>> [0]
>>>>>>>>> https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404
>>>>>>>>> [1]
>>>>>>>>> https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/
>>>>>>>>> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/
>>>>>>>>>
>>>>>>>>> David
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Pulp-dev mailing list
>>>>>>>>> Pulp-dev at redhat.com
>>>>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Pulp-dev mailing list
>>>>>>>> Pulp-dev at redhat.com
>>>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Pulp-dev mailing list
>>>>>>> Pulp-dev at redhat.com
>>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>>>>>
>>>>>>>
>>>>>>
>>>
>>> _______________________________________________
>>> Pulp-dev mailing list
>>> Pulp-dev at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>>>
>>
>> _______________________________________________
>> Pulp-dev mailing list
>> Pulp-dev at redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>>
> _______________________________________________
> Pulp-dev mailing list
> Pulp-dev at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20180820/d45dc31d/attachment.htm>

More information about the Pulp-dev mailing list