On Thu, 2011-11-10 at 12:47 +0100, Olav Vitters wrote:
> Loads of people currently have access to master.gnome.org as to upload
> tarballs. This is currently done by handing out shell access to these
> people.
>
> If any of the 350+ has their machine compromised, someone could easily
> use that to reach shell on master.gnome.org. I don't want that to be
> possible.
One of the things I set up for kernel.org (although I don't think it's
deployed for normal users {yet,}) is two-factor authentication. So you
are required to use an SSH key *and* a one-time password (using Google
Authenticator) in order to log in.
--
dwmw2
_______________________________________________
desktop-devel-list mailing list
desktop-devel-list@gnome.org
http://mail.gnome.org/mailman/listinfo/desktop-devel-list
