Thanks everyone for the feedback. I have opened a PR for PUP-7 which (if approved) will require 2FA for the Pulp organization in Github:
https://github.com/pulp/pups/pull/14 Feedback welcome. Also, I'd like to call for a vote by August 27, 2018. Per PUP-1[0], are the voting options: +1: "Will benefit the project and should definitely be adopted." +0: "Might benefit the project and is acceptable." -0: "Might not be the right choice but is acceptable." -1: "I have serious reservations that need to be thought through and addressed." [0] https://github.com/pulp/pups/blob/master/pup-0001.md David On Wed, Aug 1, 2018 at 3:00 PM David Davis <davidda...@redhat.com> wrote: > +1 to opening a PUP. Seems like that’s the best way to document the > policy. I will start working on this. > > David > > > On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse <bbout...@redhat.com> > wrote: > >> +1 to requiring it. I also already have it enabled. Would it be possible >> to either (a) turn this into a short pup and call for a vote or (b) add a >> date to close this email thread decision by? >> >> Let me know if I should help write/review any. >> >> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko < >> ttere...@redhat.com> wrote: >> >>> +1, enabled. >>> >>> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban <dkli...@redhat.com> >>> wrote: >>> >>>> +1, but I already have it enabled. >>>> >>>> On Thu, Jul 26, 2018 at 3:53 PM, David Davis <davidda...@redhat.com> >>>> wrote: >>>> >>>>> I got a notification from another organization I am a member of on >>>>> Github[0] that they are going to require Two Factor Authentication[1] in >>>>> response to recent news about some malicious code being shipped in a >>>>> compromised npm package[2]. >>>>> >>>>> We are vulnerable to having malicious code deployed to PyPI if one of >>>>> our Github accounts is compromised. Thus, I wonder if we should also >>>>> require that people with a commit bit have Two Factor Authentication >>>>> enabled. >>>>> >>>>> Thoughts? >>>>> >>>>> [0] >>>>> https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404 >>>>> [1] >>>>> https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/ >>>>> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/ >>>>> >>>>> David >>>>> >>>>> _______________________________________________ >>>>> Pulp-dev mailing list >>>>> Pulp-dev@redhat.com >>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Pulp-dev mailing list >>>> Pulp-dev@redhat.com >>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>> >>>> >>> >>> _______________________________________________ >>> Pulp-dev mailing list >>> Pulp-dev@redhat.com >>> https://www.redhat.com/mailman/listinfo/pulp-dev >>> >>> >>
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://www.redhat.com/mailman/listinfo/pulp-dev
