[Pulp-dev] Requiring 2FA in Github

David Davis daviddavis at redhat.com
Thu Jul 26 19:53:30 UTC 2018

I got a notification from another organization I am a member of on
Github[0] that they are going to require Two Factor Authentication[1] in
response to recent news about some malicious code being shipped in a
compromised npm package[2].

We are vulnerable to having malicious code deployed to PyPI if one of our
Github accounts is compromised. Thus, I wonder if we should also require
that people with a commit bit have Two Factor Authentication enabled.


[2] https://www.theregister.co.uk/2018/07/12/npm_eslint/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20180726/c921bfaf/attachment.htm>

More information about the Pulp-dev mailing list