Thanks for sharing your experience, and I think it's important for us core
developers to be careful and vigilant about this.

I was wondering if we should add something under the "core developers
responsibility" section (https://devguide.python.org/coredev/#responsibilities)
about securing their GitHub account with 2FA/MFA? I think this is something
that can be made required by the org admins (and add that we'll work with
folks if they need assistance in setting those up).



On Mon, Jun 14, 2021 at 12:38 PM Brett Cannon <br...@python.org> wrote:

> I have discovered someone tried to break into my GitHub account (you can
> check yourself by going to https://github.com/settings/security-log and
> looking for "failed to login" attempts for potentially odd geographical
> locations for yourself). CPython probably would have been the biggest
> target for them had they gotten in (my work stuff is all open source and it
> would have required breaking into another account). But GitHub has a
> completely unique password and MFA turned on, so they were unsuccessful.
>
> Please make sure you have a unique password for your GitHub account and
> that you have 2FA/MFA turned on (I honestly think we should start requiring
> this; I'm sure we can get money for folks to get security keys). Other
> languages like PHP have been successfully hacked (
> https://arstechnica.com/gadgets/2021/03/hackers-backdoor-php-source-code-after-breaching-internal-git-server/),
> so this isn't a hypothetical anymore that we would be targets for folks who
> want to install a backdoor into one of the world's most popular programming
> languages, one that is now mission-critical for a lot of massive corporations
> and governments.
> _______________________________________________
> python-committers mailing list -- python-committers@python.org
> To unsubscribe send an email to python-committers-le...@python.org
> https://mail.python.org/mailman3/lists/python-committers.python.org/
> Message archived at
> https://mail.python.org/archives/list/python-committers@python.org/message/IS5ZGCRBBZ2RRRBJO4ZPG6P6XDPSDEYI/
> Code of Conduct: https://www.python.org/psf/codeofconduct/
>
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/2ZJHJLXP5GNWLVYSEEHTAC2PTWLNLBST/