Paride Legovini <par...@debian.org> writes:

> It's still one static shared secret you need to enter every time. If it
> gets stolen, because your browser or your computer is compromised, or in
> a MITM attack where the attacker gained access to a valid certificate
> for salsa.debian.org [1,2], your account is gone. It gets much, much
> more difficult with 2FA.

If we're concerned about CA attacks on debian.org servers, it's worth noting that (a) most of us run Debian for obvious reasons, and (b) the entire *point* of Debian is to safely and securely put configuration onto all of our machines, which together mean that implementing certificate pinning for our own infrastructure is entirely doable.

-- 
Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>