On 11/25/19 11:03 AM, Seth Hillbrand wrote: > On 2019-11-25 06:08, Wayne Stambaugh wrote: >> Hi Mark, >> >> Do you mean using a GPG key? I see the gitlab supports signed commits >> so would that be an adequate solution? I'm fine with this, it's >> probably something we should be doing anyway. Anyone else object to >> this? >> > > 2FA would be using something like Google Authenticator on your phone, a > YubiKey or SMS message code to verify your login on a computer in > addition to the password. > > The worry is that SSH keys can be added to a compromised account that > would allow an attacker to change the code/website/packages/etc.
If gitlab supports this, I don't have an issue with it. I don't see it as a major inconvenience. I didn't look but I wonder if gitlab can be configured to send out alerts when your user account settings are changed. > > -S > > Seth Hillbrand > KiCad Services Corporation > https://www.kipro-pcb.com > +1 530 302 5483 | +1 212 603 9372 > > _______________________________________________ > Mailing list: https://launchpad.net/~kicad-developers > Post to : kicad-developers@lists.launchpad.net > Unsubscribe : https://launchpad.net/~kicad-developers > More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~kicad-developers Post to : kicad-developers@lists.launchpad.net Unsubscribe : https://launchpad.net/~kicad-developers More help : https://help.launchpad.net/ListHelp