What about simply blocking access to the git repos/koji/bodhi for those without 2fa?
On Fri, Apr 12, 2024 at 12:05 PM Kevin Fenzi <ke...@scrye.com> wrote: > On Thu, Apr 11, 2024 at 05:49:27PM -0700, Adam Williamson wrote: > > On Fri, 2024-04-12 at 00:09 +0000, Gary Buhrmaster wrote: > > > > > > What is the best way to formally propose > > > that 2FA is required for packagers after > > > some date > > > > There is already a FESCo ticket. https://pagure.io/fesco/issue/3186 / > > Please don't discuss there, discuss here; FESCo will vote in that > > ticket or a meeting when they feel it appropriate. > > I was wanting to circle back and add some more info to this thread too. > > So, right now as far as I know, IPA doesn't have a way to easily say > 'require a otp to be enrolled if you want to be added to this group'. > > We do have a script that can check current members of a group(s) for otp > and nag them. This is what we do for sysadmin groups, although we > haven't done it in a while. > > So, if FESCo decided we wanted to enforce 2fa for provenpackagers or > whatever, right now that would require some work on some scripting, > which I guess would remove people without otp? But then there would > still be a window when the user was added and before the script removed > them. Or some way for sponsors to check otp status before sponsoring > someone, but if thats manually it could be missed. > > I think in any case it might be good to find all the {proven}packager > members without otp and perhaps email them a note about how to set > things up, etc. > > kevin > -- > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
