On 2019-11-25 06:08, Wayne Stambaugh wrote:
Hi Mark,
Do you mean using a GPG key? I see the gitlab supports signed commits
so would that be an adequate solution? I'm fine with this, it's
probably something we should be doing anyway. Anyone else object to
this?
2FA would be using something like Google Authenticator on your phone, a
YubiKey or SMS message code to verify your login on a computer in
addition to the password.
The worry is that SSH keys can be added to a compromised account that
would allow an attacker to change the code/website/packages/etc.
-S
Seth Hillbrand
KiCad Services Corporation
https://www.kipro-pcb.com
+1 530 302 5483 | +1 212 603 9372
_______________________________________________
Mailing list: https://launchpad.net/~kicad-developers
Post to : kicad-developers@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kicad-developers
More help : https://help.launchpad.net/ListHelp