Further progress, and requests for your opinions, in today's summary: https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/10
Wes: thanks - I have linked to your suggestion and linked resources within https://github.com/pypa/warehouse/issues/996 but, good news, folks working on this task have already mentioned WebAuthn, so it is on the table. -- Sumana Harihareswara On Fri, Mar 22, 2019, at 10:37 PM, Wes Turner wrote: > Is webauthn the multi-factor / 2FA spec to implement now? It's now > approved; so while you experts are working on it it may be worth a look > to just implement webauthn while we have funding for experts > > https://www.w3.org/TR/webauthn/ > > Discourse mentions FIDO. FIDO2 is webauthn, AFAIU. > > There are a number of implementations: > > https://pypi.org/search/?q=webauthn > > https://github.com/topics/webauthn > > On Friday, March 22, 2019, Sumana Harihareswara <s...@changeset.nyc> wrote: > > Work has started on the Open Technology Fund-supported project to improve > > Warehouse security, accessibility, and internationalization. More details > > in today's progress report: > > > > https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/2 > > > > > > best, > > Sumana Harihareswara > > Warehouse project manager > > Changeset Consulting > > -- > > Distutils-SIG mailing list -- distutils-sig@python.org > > To unsubscribe send an email to distutils-sig-le...@python.org > > https://mail.python.org/mailman3/lists/distutils-sig.python.org/ > > Message archived at > > https://mail.python.org/archives/list/distutils-sig@python.org/message/3E64P4GNVFSG4JA42OITJUCYU5H3QLAZ/ -- Distutils-SIG mailing list -- distutils-sig@python.org To unsubscribe send an email to distutils-sig-le...@python.org https://mail.python.org/mailman3/lists/distutils-sig.python.org/ Message archived at https://mail.python.org/archives/list/distutils-sig@python.org/message/LSEFPHXYLDY34A6DI7OLCZCPU6JUKLBX/