This PUP has been merged. I’ll send out the initial announcement in a new thread in the next few days. This announcement will include the date when we plan to enable the 2FA requirement.
Thanks. David On Mon, Aug 20, 2018 at 11:04 AM Jeff Ortel <jor...@redhat.com> wrote: > +1 > > On 08/15/2018 01:10 PM, David Davis wrote: > > Thanks everyone for the feedback. I have opened a PR for PUP-7 which (if > approved) will require 2FA for the Pulp organization in Github: > > https://github.com/pulp/pups/pull/14 > > Feedback welcome. Also, I'd like to call for a vote by August 27, 2018. > Per PUP-1[0], are the voting options: > > +1: "Will benefit the project and should definitely be adopted." > +0: "Might benefit the project and is acceptable." > -0: "Might not be the right choice but is acceptable." > -1: "I have serious reservations that need to be thought through and > addressed." > > [0] https://github.com/pulp/pups/blob/master/pup-0001.md > > David > > > On Wed, Aug 1, 2018 at 3:00 PM David Davis <davidda...@redhat.com> wrote: > >> +1 to opening a PUP. Seems like that’s the best way to document the >> policy. I will start working on this. >> >> David >> >> >> On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse <bbout...@redhat.com> >> wrote: >> >>> +1 to requiring it. I also already have it enabled. Would it be possible >>> to either (a) turn this into a short pup and call for a vote or (b) add a >>> date to close this email thread decision by? >>> >>> Let me know if I should help write/review any. >>> >>> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko < >>> ttere...@redhat.com> wrote: >>> >>>> +1, enabled. >>>> >>>> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban <dkli...@redhat.com> >>>> wrote: >>>> >>>>> +1, but I already have it enabled. >>>>> >>>>> On Thu, Jul 26, 2018 at 3:53 PM, David Davis <davidda...@redhat.com> >>>>> wrote: >>>>> >>>>>> I got a notification from another organization I am a member of on >>>>>> Github[0] that they are going to require Two Factor Authentication[1] in >>>>>> response to recent news about some malicious code being shipped in a >>>>>> compromised npm package[2]. >>>>>> >>>>>> We are vulnerable to having malicious code deployed to PyPI if one of >>>>>> our Github accounts is compromised. Thus, I wonder if we should also >>>>>> require that people with a commit bit have Two Factor Authentication >>>>>> enabled. >>>>>> >>>>>> Thoughts? >>>>>> >>>>>> [0] >>>>>> https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404 >>>>>> [1] >>>>>> https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/ >>>>>> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/ >>>>>> >>>>>> David >>>>>> >>>>>> _______________________________________________ >>>>>> Pulp-dev mailing list >>>>>> Pulp-dev@redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Pulp-dev mailing list >>>>> Pulp-dev@redhat.com >>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Pulp-dev mailing list >>>> Pulp-dev@redhat.com >>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>> >>>> >>> > > _______________________________________________ > Pulp-dev mailing > listPulp-dev@redhat.comhttps://www.redhat.com/mailman/listinfo/pulp-dev > > > _______________________________________________ > Pulp-dev mailing list > Pulp-dev@redhat.com > https://www.redhat.com/mailman/listinfo/pulp-dev >
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://www.redhat.com/mailman/listinfo/pulp-dev