intent to enable 2fa requirement for github.com/haskell org
hey everyone, because so much important stuff for the community, it makes sense to add 2fa required for the org, are there any good reasons to either wait to do this, or not do it? Feedback welcome! (if theres no objections i'll do it friday or this weekend, so theres some lead time for anyone who's not setup for that yet) Best wishes and great health to all -carter ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: intent to enable 2fa requirement for github.com/haskell org
That's not a lot of lead time. On Wed, Mar 18, 2020, 2:47 PM Carter Schonwald wrote: > hey everyone, because so much important stuff for the community, it makes > sense to add 2fa required for the org, are there any good reasons to either > wait to do this, or not do it? Feedback welcome! > > (if theres no objections i'll do it friday or this weekend, so theres some > lead time for anyone who's not setup for that yet) > > Best wishes and great health to all > -carter > ___ > Libraries mailing list > librar...@haskell.org > http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries > ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: intent to enable 2fa requirement for github.com/haskell org
true, otoh, 2fa in various usable forms has been widely available for years, and we can reonboard people pretty easily. Its critical haskell infra and to the best of my knowledge, current 2fa tooling is pretty accessible to everyone globally. If someone has specific issues we can address them as they arise! On Wed, Mar 18, 2020 at 3:45 PM David Feuer wrote: > That's not a lot of lead time. > > On Wed, Mar 18, 2020, 2:47 PM Carter Schonwald > wrote: > >> hey everyone, because so much important stuff for the community, it makes >> sense to add 2fa required for the org, are there any good reasons to either >> wait to do this, or not do it? Feedback welcome! >> >> (if theres no objections i'll do it friday or this weekend, so theres >> some lead time for anyone who's not setup for that yet) >> >> Best wishes and great health to all >> -carter >> ___ >> Libraries mailing list >> librar...@haskell.org >> http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries >> > ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: intent to enable 2fa requirement for github.com/haskell org
No. You don’t. You can use a yubi key and or a totp tool like google Authenticator or 1Password etc. no phones required On Wed, Mar 18, 2020 at 6:16 PM Duncan Coutts wrote: > On Wed, 2020-03-18 at 14:46 -0400, Carter Schonwald wrote: > > hey everyone, because so much important stuff for the community, it > > makes sense to add 2fa required for the org, are there any good > > reasons to either wait to do this, or not do it? Feedback welcome! > > I think I might get cut off. > > Is it not still the case that github's 2fa needs a program running on a > mobile phone, or an SMS-capable mobile phone? Is there any support for > normal tools running on a normal Linux machine? > > (I think last time I tried to use the SMS route, it refused to send SMS > messages to my landline, despite the fact that I can receive them) > > > Duncan > > ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: intent to enable 2fa requirement for github.com/haskell org
Awesome! After talking with several folks, feedback has been that best practices are to make sure the notice is a week before hand. So what I’ll do is personally reach out to those who aren’t 2fa enabled in the Haskell gh org (and haven’t commented on this thread )and ask them to enable 2fa on their GitHub account. Perhaps I should attach a 2fa options explainer ! I’ll look at folks responses and if everyone active has made the switch over, I’ll look to do a transition next Monday or Tuesday. Be well! (Nyc and many other places are pretty strange right now :/ ) -Carter On Wed, Mar 18, 2020 at 7:42 PM Duncan Coutts wrote: > On Wed, 2020-03-18 at 19:05 -0400, Carter Schonwald wrote: > > No. You don’t. You can use a yubi key and or a totp tool like google > > Authenticator or 1Password etc. no phones required > > It took me a while, but I have successfully managed to turn 2FA back > into 1FA. > > In case it helps anyone else, generate your 2FA response with > > $ oathtool --totp -b $the-2fa-secret > > Where $the-2fa-secret is the code github gives you after the recovery > codes (initially shown as a barcode, but they'll give you the actual > code if you click the link). > > > On Wed, Mar 18, 2020 at 6:16 PM Duncan Coutts > wrote: > > > On Wed, 2020-03-18 at 14:46 -0400, Carter Schonwald wrote: > > > > hey everyone, because so much important stuff for the community, it > > > > makes sense to add 2fa required for the org, are there any good > > > > reasons to either wait to do this, or not do it? Feedback welcome! > > > > > > I think I might get cut off. > > > > > > Is it not still the case that github's 2fa needs a program running on a > > > mobile phone, or an SMS-capable mobile phone? Is there any support for > > > normal tools running on a normal Linux machine? > > > > > ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: intent to enable 2fa requirement for github.com/haskell org
I agree that this would be a good idea. Cheers, — Ben On March 18, 2020 2:46:47 PM EDT, Carter Schonwald wrote: >hey everyone, because so much important stuff for the community, it >makes >sense to add 2fa required for the org, are there any good reasons to >either >wait to do this, or not do it? Feedback welcome! > >(if theres no objections i'll do it friday or this weekend, so theres >some >lead time for anyone who's not setup for that yet) > >Best wishes and great health to all >-carter -- Sent from my Android device with K-9 Mail. Please excuse my brevity.___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: intent to enable 2fa requirement for github.com/haskell org
> On Mar 18, 2020, at 11:52 PM, Carter Schonwald > wrote: > > After talking with several folks, feedback has been that best practices are > to make sure the notice is a week before hand. > > So what I’ll do is personally reach out to those who aren’t 2fa enabled in > the Haskell gh org (and haven’t commented on this thread )and ask them to > enable 2fa on their GitHub account. Perhaps I should attach a 2fa options > explainer ! > > I’ll look at folks responses and if everyone active has made the switch over, > I’ll look to do a transition next Monday or Tuesday. > If best practices are to wait a week... shouldn't we wait a week? There's no fire here. Richard___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: intent to enable 2fa requirement for github.com/haskell org
@ Simon: you already have 2fa enabled, youre not on the list of users who do *not* have 2fa enabled. Its just an extra login prompt the first time you login from a new device or do anything in the "are you sure you want to do that change". SO enabling 2fa is largely invisible to contributors aside from the 5 minutes to setup, and the message i sent out directly to every person who would be impacted that hasn't already replied to this email thread listed a number of options that could choose (though i should have also included a url, but if anyones confused i hope they ask and I can help) @richard indeed, this is why i also directly and individually emailed every member/contributor of the github haskell org individually (who doesnt have 2fa setup). Some of them dont have an easy to track down email address! Basically everyone who's been active in the past two years has responded already or indicated they'll set it up this coming weekend. (in 1-2 cases, it helped remind that they'd forgotten to setup 2fa even though they had planned to ) On Thu, Mar 19, 2020 at 5:44 AM Richard Eisenberg wrote: > > > On Mar 18, 2020, at 11:52 PM, Carter Schonwald > wrote: > > After talking with several folks, feedback has been that best practices > are to make sure the notice is a week before hand. > > So what I’ll do is personally reach out to those who aren’t 2fa enabled in > the Haskell gh org (and haven’t commented on this thread )and ask them to > enable 2fa on their GitHub account. Perhaps I should attach a 2fa options > explainer ! > > I’ll look at folks responses and if everyone active has made the switch > over, I’ll look to do a transition next Monday or Tuesday. > > > If best practices are to wait a week... shouldn't we wait a week? There's > no fire here. > > Richard > ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: intent to enable 2fa requirement for github.com/haskell org
Duncan, David, please figure out 2fa tools that work for you and enable them, https://github.com/tadfisher/pass-otp https://github.com/solokeys/solo https://github.com/herrjemand/awesome-webauthn#hardware-authenticators https://1password.com/ https://keepass.info/download.html if you are having trouble figuring out tools you're comfortable using, please share with us those constraints we can help you! im here to help (and i'm delaying enabling another day or two to provide help to some active contributors who are having their own difficulties setitng up this stuff) On Wed, Mar 18, 2020 at 6:16 PM Duncan Coutts wrote: > On Wed, 2020-03-18 at 14:46 -0400, Carter Schonwald wrote: > > hey everyone, because so much important stuff for the community, it > > makes sense to add 2fa required for the org, are there any good > > reasons to either wait to do this, or not do it? Feedback welcome! > > I think I might get cut off. > > Is it not still the case that github's 2fa needs a program running on a > mobile phone, or an SMS-capable mobile phone? Is there any support for > normal tools running on a normal Linux machine? > > (I think last time I tried to use the SMS route, it refused to send SMS > messages to my landline, despite the fact that I can receive them) > > > Duncan > > ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: intent to enable 2fa requirement for github.com/haskell org
I use the following 2fa tools. They offer also import/export functionalities. - andOTP (Android) https://github.com/andOTP/andOTP - OTPClient (Linux) https://github.com/paolostivanin/OTPClient Regards, Giorgio On Wed, 25 Mar 2020 at 17:48, Carter Schonwald wrote: > > Duncan, David, please figure out 2fa tools that work for you and enable them, > > > https://github.com/tadfisher/pass-otp > > https://github.com/solokeys/solo > > https://github.com/herrjemand/awesome-webauthn#hardware-authenticators > > https://1password.com/ > > https://keepass.info/download.html > > > if you are having trouble figuring out tools you're comfortable using, please > share with us those constraints we can help you! > > im here to help (and i'm delaying enabling another day or two to provide help > to some active contributors who are having their own difficulties setitng up > this stuff) > > On Wed, Mar 18, 2020 at 6:16 PM Duncan Coutts wrote: >> >> On Wed, 2020-03-18 at 14:46 -0400, Carter Schonwald wrote: >> > hey everyone, because so much important stuff for the community, it >> > makes sense to add 2fa required for the org, are there any good >> > reasons to either wait to do this, or not do it? Feedback welcome! >> >> I think I might get cut off. >> >> Is it not still the case that github's 2fa needs a program running on a >> mobile phone, or an SMS-capable mobile phone? Is there any support for >> normal tools running on a normal Linux machine? >> >> (I think last time I tried to use the SMS route, it refused to send SMS >> messages to my landline, despite the fact that I can receive them) >> >> >> Duncan >> > ___ > ghc-devs mailing list > ghc-devs@haskell.org > http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: intent to enable 2fa requirement for github.com/haskell org
Yeah, there’s def an incredible diversity of tools that are great in this space. And there’s at this point decent tools for almost every platform constraint imaginable. On Wed, Mar 25, 2020 at 1:30 PM Giorgio Marinelli wrote: > I use the following 2fa tools. They offer also import/export > functionalities. > > - andOTP (Android) https://github.com/andOTP/andOTP > - OTPClient (Linux) https://github.com/paolostivanin/OTPClient > > Regards, > > > Giorgio > > On Wed, 25 Mar 2020 at 17:48, Carter Schonwald > wrote: > > > > Duncan, David, please figure out 2fa tools that work for you and enable > them, > > > > > > https://github.com/tadfisher/pass-otp > > > > https://github.com/solokeys/solo > > > > https://github.com/herrjemand/awesome-webauthn#hardware-authenticators > > > > https://1password.com/ > > > > https://keepass.info/download.html > > > > > > if you are having trouble figuring out tools you're comfortable using, > please share with us those constraints we can help you! > > > > im here to help (and i'm delaying enabling another day or two to provide > help to some active contributors who are having their own difficulties > setitng up this stuff) > > > > On Wed, Mar 18, 2020 at 6:16 PM Duncan Coutts > wrote: > >> > >> On Wed, 2020-03-18 at 14:46 -0400, Carter Schonwald wrote: > >> > hey everyone, because so much important stuff for the community, it > >> > makes sense to add 2fa required for the org, are there any good > >> > reasons to either wait to do this, or not do it? Feedback welcome! > >> > >> I think I might get cut off. > >> > >> Is it not still the case that github's 2fa needs a program running on a > >> mobile phone, or an SMS-capable mobile phone? Is there any support for > >> normal tools running on a normal Linux machine? > >> > >> (I think last time I tried to use the SMS route, it refused to send SMS > >> messages to my landline, despite the fact that I can receive them) > >> > >> > >> Duncan > >> > > ___ > > ghc-devs mailing list > > ghc-devs@haskell.org > > http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs > ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
RE: [core libraries] Re: intent to enable 2fa requirement for github.com/haskell org
I have not been following this. What is the consequence for a regular GHC developer, or someone contributing to GHC? In any announcement please give a way to verify “am I affected?” Thanks Simon From: haskell-core-librar...@googlegroups.com On Behalf Of Carter Schonwald Sent: 18 March 2020 23:53 To: Duncan Coutts Cc: Haskell Libraries ; core-libraries-commit...@haskell.org; ghc-devs Subject: [core libraries] Re: intent to enable 2fa requirement for github.com/haskell org Awesome! After talking with several folks, feedback has been that best practices are to make sure the notice is a week before hand. So what I’ll do is personally reach out to those who aren’t 2fa enabled in the Haskell gh org (and haven’t commented on this thread )and ask them to enable 2fa on their GitHub account. Perhaps I should attach a 2fa options explainer ! I’ll look at folks responses and if everyone active has made the switch over, I’ll look to do a transition next Monday or Tuesday. Be well! (Nyc and many other places are pretty strange right now :/ ) -Carter On Wed, Mar 18, 2020 at 7:42 PM Duncan Coutts mailto:dun...@dcoutts.me.uk>> wrote: On Wed, 2020-03-18 at 19:05 -0400, Carter Schonwald wrote: > No. You don’t. You can use a yubi key and or a totp tool like google > Authenticator or 1Password etc. no phones required It took me a while, but I have successfully managed to turn 2FA back into 1FA. In case it helps anyone else, generate your 2FA response with $ oathtool --totp -b $the-2fa-secret Where $the-2fa-secret is the code github gives you after the recovery codes (initially shown as a barcode, but they'll give you the actual code if you click the link). > On Wed, Mar 18, 2020 at 6:16 PM Duncan Coutts > mailto:dun...@dcoutts.me.uk>> wrote: > > On Wed, 2020-03-18 at 14:46 -0400, Carter Schonwald wrote: > > > hey everyone, because so much important stuff for the community, it > > > makes sense to add 2fa required for the org, are there any good > > > reasons to either wait to do this, or not do it? Feedback welcome! > > > > I think I might get cut off. > > > > Is it not still the case that github's 2fa needs a program running on a > > mobile phone, or an SMS-capable mobile phone? Is there any support for > > normal tools running on a normal Linux machine? > > -- You received this message because you are subscribed to the Google Groups "haskell-core-libraries" group. To unsubscribe from this group and stop receiving emails from it, send an email to haskell-core-libraries+unsubscr...@googlegroups.com<mailto:haskell-core-libraries+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/haskell-core-libraries/CAHYVw0x5CTOmQDLp3%2B89muQ%2BvXgmcmgo%3DgCHs8kjBHOMb%3D5Ksw%40mail.gmail.com<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fhaskell-core-libraries%2FCAHYVw0x5CTOmQDLp3%252B89muQ%252BvXgmcmgo%253DgCHs8kjBHOMb%253D5Ksw%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=02%7C01%7Csimonpj%40microsoft.com%7C7f5dc75648ac4e8a4fe708d7cb977cae%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637201723806844496&sdata=CP9SSJCInfaF%2Fxhd8%2FdO5zOj1Wsr%2FVbd6J9F5%2BeqHS4%3D&reserved=0>. ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
