I'd also be +1 on this. Note however that the user in question did have 2FA enabled already and indeed this doesn't help for compromised tokens. I think we can force some limits on what tokens are allowed, I'm not entirely sure here and on how restricting this may turn out to be for people.
Anyway, requiring 2FA is a decent step I support. Cheers, Floris On Thu 08 Dec 2022 at 13:17 -0300, Bruno Oliveira wrote: > Hi folks, > > Given the recent incident of suspicious activity using a stolen credential > from a pytest-dev org member, it was suggested that pytest is high-enough > profile that we should require 2FA for all members. > > I'm definitely +1 on this, sending this message here in case someone wants > to voice concerns. > > Cheers, > Bruno. > _______________________________________________ > pytest-dev mailing list > pytest-dev@python.org > https://mail.python.org/mailman/listinfo/pytest-dev _______________________________________________ pytest-dev mailing list pytest-dev@python.org https://mail.python.org/mailman/listinfo/pytest-dev
