+1 On Wed, Aug 15, 2018 at 4:06 PM, Brian Bouterse <bbout...@redhat.com> wrote:
> +1 > > tiny grammar fix on the PR requested. Thank you for organizing this! > > On Wed, Aug 15, 2018 at 2:10 PM, David Davis <davidda...@redhat.com> > wrote: > >> Thanks everyone for the feedback. I have opened a PR for PUP-7 which (if >> approved) will require 2FA for the Pulp organization in Github: >> >> https://github.com/pulp/pups/pull/14 >> >> Feedback welcome. Also, I'd like to call for a vote by August 27, 2018. >> Per PUP-1[0], are the voting options: >> >> +1: "Will benefit the project and should definitely be adopted." >> +0: "Might benefit the project and is acceptable." >> -0: "Might not be the right choice but is acceptable." >> -1: "I have serious reservations that need to be thought through and >> addressed." >> >> [0] https://github.com/pulp/pups/blob/master/pup-0001.md >> >> David >> >> >> On Wed, Aug 1, 2018 at 3:00 PM David Davis <davidda...@redhat.com> wrote: >> >>> +1 to opening a PUP. Seems like that’s the best way to document the >>> policy. I will start working on this. >>> >>> David >>> >>> >>> On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse <bbout...@redhat.com> >>> wrote: >>> >>>> +1 to requiring it. I also already have it enabled. Would it be >>>> possible to either (a) turn this into a short pup and call for a vote or >>>> (b) add a date to close this email thread decision by? >>>> >>>> Let me know if I should help write/review any. >>>> >>>> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko < >>>> ttere...@redhat.com> wrote: >>>> >>>>> +1, enabled. >>>>> >>>>> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban <dkli...@redhat.com> >>>>> wrote: >>>>> >>>>>> +1, but I already have it enabled. >>>>>> >>>>>> On Thu, Jul 26, 2018 at 3:53 PM, David Davis <davidda...@redhat.com> >>>>>> wrote: >>>>>> >>>>>>> I got a notification from another organization I am a member of on >>>>>>> Github[0] that they are going to require Two Factor Authentication[1] in >>>>>>> response to recent news about some malicious code being shipped in a >>>>>>> compromised npm package[2]. >>>>>>> >>>>>>> We are vulnerable to having malicious code deployed to PyPI if one >>>>>>> of our Github accounts is compromised. Thus, I wonder if we should also >>>>>>> require that people with a commit bit have Two Factor Authentication >>>>>>> enabled. >>>>>>> >>>>>>> Thoughts? >>>>>>> >>>>>>> [0] https://community.theforeman.org/t/require-2fa-for- >>>>>>> github-organization-members/10404 >>>>>>> [1] https://help.github.com/articles/requiring-two-factor-au >>>>>>> thentication-in-your-organization/ >>>>>>> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/ >>>>>>> >>>>>>> David >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Pulp-dev mailing list >>>>>>> Pulp-dev@redhat.com >>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>>>> >>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Pulp-dev mailing list >>>>>> Pulp-dev@redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Pulp-dev mailing list >>>>> Pulp-dev@redhat.com >>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>> >>>>> >>>> > > _______________________________________________ > Pulp-dev mailing list > Pulp-dev@redhat.com > https://www.redhat.com/mailman/listinfo/pulp-dev > >
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://www.redhat.com/mailman/listinfo/pulp-dev
