[Pulp-dev] Requiring 2FA in Github
Jeff Ortel
jortel at redhat.com
Mon Aug 20 15:04:19 UTC 2018
+1
On 08/15/2018 01:10 PM, David Davis wrote:
> Thanks everyone for the feedback. I have opened a PR for PUP-7 which
> (if approved) will require 2FA for the Pulp organization in Github:
>
> https://github.com/pulp/pups/pull/14
>
> Feedback welcome. Also, I'd like to call for a vote by August 27,
> 2018. Per PUP-1[0], are the voting options:
>
> +1: "Will benefit the project and should definitely be adopted."
> +0: "Might benefit the project and is acceptable."
> -0: "Might not be the right choice but is acceptable."
> -1: "I have serious reservations that need to be thought through and
> addressed."
>
> [0] https://github.com/pulp/pups/blob/master/pup-0001.md
>
> David
>
>
> On Wed, Aug 1, 2018 at 3:00 PM David Davis <daviddavis at redhat.com
> <mailto:daviddavis at redhat.com>> wrote:
>
> +1 to opening a PUP. Seems like that’s the best way to document
> the policy. I will start working on this.
>
> David
>
>
> On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse
> <bbouters at redhat.com <mailto:bbouters at redhat.com>> wrote:
>
> +1 to requiring it. I also already have it enabled. Would it
> be possible to either (a) turn this into a short pup and call
> for a vote or (b) add a date to close this email thread
> decision by?
>
> Let me know if I should help write/review any.
>
> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko
> <ttereshc at redhat.com <mailto:ttereshc at redhat.com>> wrote:
>
> +1, enabled.
>
> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban
> <dkliban at redhat.com <mailto:dkliban at redhat.com>> wrote:
>
> +1, but I already have it enabled.
>
> On Thu, Jul 26, 2018 at 3:53 PM, David Davis
> <daviddavis at redhat.com <mailto:daviddavis at redhat.com>>
> wrote:
>
> I got a notification from another organization I
> am a member of on Github[0] that they are going to
> require Two Factor Authentication[1] in response
> to recent news about some malicious code being
> shipped in a compromised npm package[2].
>
> We are vulnerable to having malicious code
> deployed to PyPI if one of our Github accounts is
> compromised. Thus, I wonder if we should also
> require that people with a commit bit have Two
> Factor Authentication enabled.
>
> Thoughts?
>
> [0]
> https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404
> [1]
> https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/
> [2]
> https://www.theregister.co.uk/2018/07/12/npm_eslint/
>
> David
>
> _______________________________________________
> Pulp-dev mailing list
> Pulp-dev at redhat.com <mailto:Pulp-dev at redhat.com>
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>
>
> _______________________________________________
> Pulp-dev mailing list
> Pulp-dev at redhat.com <mailto:Pulp-dev at redhat.com>
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>
>
> _______________________________________________
> Pulp-dev mailing list
> Pulp-dev at redhat.com <mailto:Pulp-dev at redhat.com>
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>
>
>
> _______________________________________________
> Pulp-dev mailing list
> Pulp-dev at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20180820/78b84768/attachment.htm>
More information about the Pulp-dev
mailing list