subject:"\[Pulp\-dev\] Requiring 2FA in Github"

Re: [Pulp-dev] Requiring 2FA in Github

2018-08-29 Thread David Davis

This PUP has been merged. I’ll send out the initial announcement in a new
thread in the next few days. This announcement will include the date when
we plan to enable the 2FA requirement.

Thanks.

David


On Mon, Aug 20, 2018 at 11:04 AM Jeff Ortel  wrote:

> +1
>
> On 08/15/2018 01:10 PM, David Davis wrote:
>
> Thanks everyone for the feedback. I have opened a PR for PUP-7 which (if
> approved) will require 2FA for the Pulp organization in Github:
>
> https://github.com/pulp/pups/pull/14
>
> Feedback welcome. Also, I'd like to call for a vote by August 27, 2018.
> Per PUP-1[0], are the voting options:
>
> +1: "Will benefit the project and should definitely be adopted."
> +0: "Might benefit the project and is acceptable."
> -0: "Might not be the right choice but is acceptable."
> -1: "I have serious reservations that need to be thought through and
> addressed."
>
> [0] https://github.com/pulp/pups/blob/master/pup-0001.md
>
> David
>
>
> On Wed, Aug 1, 2018 at 3:00 PM David Davis  wrote:
>
>> +1 to opening a PUP. Seems like that’s the best way to document the
>> policy. I will start working on this.
>>
>> David
>>
>>
>> On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse 
>> wrote:
>>
>>> +1 to requiring it. I also already have it enabled. Would it be possible
>>> to either (a) turn this into a short pup and call for a vote or (b) add a
>>> date to close this email thread decision by?
>>>
>>> Let me know if I should help write/review any.
>>>
>>> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko <
>>> ttere...@redhat.com> wrote:
>>>
 +1, enabled.

 On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban 
 wrote:

> +1, but I already have it enabled.
>
> On Thu, Jul 26, 2018 at 3:53 PM, David Davis 
> wrote:
>
>> I got a notification from another organization I am a member of on
>> Github[0] that they are going to require Two Factor Authentication[1] in
>> response to recent news about some malicious code being shipped in a
>> compromised npm package[2].
>>
>> We are vulnerable to having malicious code deployed to PyPI if one of
>> our Github accounts is compromised. Thus, I wonder if we should also
>> require that people with a commit bit have Two Factor Authentication
>> enabled.
>>
>> Thoughts?
>>
>> [0]
>> https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404
>> [1]
>> https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/
>> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/
>>
>> David
>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>>
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>

 ___
 Pulp-dev mailing list
 Pulp-dev@redhat.com
 https://www.redhat.com/mailman/listinfo/pulp-dev


>>>
>
> ___
> Pulp-dev mailing 
> listPulp-dev@redhat.comhttps://www.redhat.com/mailman/listinfo/pulp-dev
>
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] Requiring 2FA in Github

2018-08-20 Thread Jeff Ortel


+1

On 08/15/2018 01:10 PM, David Davis wrote:
Thanks everyone for the feedback. I have opened a PR for PUP-7 which 
(if approved) will require 2FA for the Pulp organization in Github:


https://github.com/pulp/pups/pull/14

Feedback welcome. Also, I'd like to call for a vote by August 27, 
2018. Per PUP-1[0], are the voting options:


+1: "Will benefit the project and should definitely be adopted."
+0: "Might benefit the project and is acceptable."
-0: "Might not be the right choice but is acceptable."
-1: "I have serious reservations that need to be thought through and 
addressed."


[0] https://github.com/pulp/pups/blob/master/pup-0001.md

David


On Wed, Aug 1, 2018 at 3:00 PM David Davis > wrote:


+1 to opening a PUP. Seems like that’s the best way to document
the policy. I will start working on this.

David


On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse
mailto:bbout...@redhat.com>> wrote:

+1 to requiring it. I also already have it enabled. Would it
be possible to either (a) turn this into a short pup and call
for a vote or (b) add a date to close this email thread
decision by?

Let me know if I should help write/review any.

On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko
mailto:ttere...@redhat.com>> wrote:

+1, enabled.

On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban
mailto:dkli...@redhat.com>> wrote:

+1, but I already have it enabled.

On Thu, Jul 26, 2018 at 3:53 PM, David Davis
mailto:davidda...@redhat.com>>
wrote:

I got a notification from another organization I
am a member of on Github[0] that they are going to
require Two Factor Authentication[1] in response
to recent news about some malicious code being
shipped in a compromised npm package[2].

We are vulnerable to having malicious code
deployed to PyPI if one of our Github accounts is
compromised. Thus, I wonder if we should also
require that people with a commit bit have Two
Factor Authentication enabled.

Thoughts?

[0]

https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404
[1]

https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/
[2]
https://www.theregister.co.uk/2018/07/12/npm_eslint/

David

___
Pulp-dev mailing list
Pulp-dev@redhat.com 
https://www.redhat.com/mailman/listinfo/pulp-dev



___
Pulp-dev mailing list
Pulp-dev@redhat.com 
https://www.redhat.com/mailman/listinfo/pulp-dev



___
Pulp-dev mailing list
Pulp-dev@redhat.com 
https://www.redhat.com/mailman/listinfo/pulp-dev




___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev


___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] Requiring 2FA in Github

2018-08-20 Thread David Davis

There were some questions this morning about how to set up 2FA and use it
with Github. I want to send out this link:

https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/

I’ve added this link to the PUP as well. If you have more questions, feel
free to ask.

David


On Thu, Aug 16, 2018 at 12:33 PM Ina Panova  wrote:

> +1
>
>
>
> 
> Regards,
>
> Ina Panova
> Software Engineer| Pulp| Red Hat Inc.
>
> "Do not go where the path may lead,
>  go instead where there is no path and leave a trail."
>
> On Thu, Aug 16, 2018 at 3:08 PM, Dennis Kliban  wrote:
>
>> +1
>>
>> On Wed, Aug 15, 2018 at 4:06 PM, Brian Bouterse 
>> wrote:
>>
>>> +1
>>>
>>> tiny grammar fix on the PR requested. Thank you for organizing this!
>>>
>>> On Wed, Aug 15, 2018 at 2:10 PM, David Davis 
>>> wrote:
>>>
 Thanks everyone for the feedback. I have opened a PR for PUP-7 which
 (if approved) will require 2FA for the Pulp organization in Github:

 https://github.com/pulp/pups/pull/14

 Feedback welcome. Also, I'd like to call for a vote by August 27, 2018.
 Per PUP-1[0], are the voting options:

 +1: "Will benefit the project and should definitely be adopted."
 +0: "Might benefit the project and is acceptable."
 -0: "Might not be the right choice but is acceptable."
 -1: "I have serious reservations that need to be thought through and
 addressed."

 [0] https://github.com/pulp/pups/blob/master/pup-0001.md

 David


 On Wed, Aug 1, 2018 at 3:00 PM David Davis 
 wrote:

> +1 to opening a PUP. Seems like that’s the best way to document the
> policy. I will start working on this.
>
> David
>
>
> On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse 
> wrote:
>
>> +1 to requiring it. I also already have it enabled. Would it be
>> possible to either (a) turn this into a short pup and call for a vote or
>> (b) add a date to close this email thread decision by?
>>
>> Let me know if I should help write/review any.
>>
>> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko <
>> ttere...@redhat.com> wrote:
>>
>>> +1, enabled.
>>>
>>> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban 
>>> wrote:
>>>
 +1, but I already have it enabled.

 On Thu, Jul 26, 2018 at 3:53 PM, David Davis >>> > wrote:

> I got a notification from another organization I am a member of on
> Github[0] that they are going to require Two Factor Authentication[1] 
> in
> response to recent news about some malicious code being shipped in a
> compromised npm package[2].
>
> We are vulnerable to having malicious code deployed to PyPI if one
> of our Github accounts is compromised. Thus, I wonder if we should 
> also
> require that people with a commit bit have Two Factor Authentication
> enabled.
>
> Thoughts?
>
> [0]
> https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404
> [1]
> https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/
> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/
>
> David
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>

 ___
 Pulp-dev mailing list
 Pulp-dev@redhat.com
 https://www.redhat.com/mailman/listinfo/pulp-dev


>>>
>>> ___
>>> Pulp-dev mailing list
>>> Pulp-dev@redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>>>
>>
>>>
>>> ___
>>> Pulp-dev mailing list
>>> Pulp-dev@redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>>>
>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] Requiring 2FA in Github

2018-08-16 Thread Ina Panova

+1




Regards,

Ina Panova
Software Engineer| Pulp| Red Hat Inc.

"Do not go where the path may lead,
 go instead where there is no path and leave a trail."

On Thu, Aug 16, 2018 at 3:08 PM, Dennis Kliban  wrote:

> +1
>
> On Wed, Aug 15, 2018 at 4:06 PM, Brian Bouterse 
> wrote:
>
>> +1
>>
>> tiny grammar fix on the PR requested. Thank you for organizing this!
>>
>> On Wed, Aug 15, 2018 at 2:10 PM, David Davis 
>> wrote:
>>
>>> Thanks everyone for the feedback. I have opened a PR for PUP-7 which (if
>>> approved) will require 2FA for the Pulp organization in Github:
>>>
>>> https://github.com/pulp/pups/pull/14
>>>
>>> Feedback welcome. Also, I'd like to call for a vote by August 27, 2018.
>>> Per PUP-1[0], are the voting options:
>>>
>>> +1: "Will benefit the project and should definitely be adopted."
>>> +0: "Might benefit the project and is acceptable."
>>> -0: "Might not be the right choice but is acceptable."
>>> -1: "I have serious reservations that need to be thought through and
>>> addressed."
>>>
>>> [0] https://github.com/pulp/pups/blob/master/pup-0001.md
>>>
>>> David
>>>
>>>
>>> On Wed, Aug 1, 2018 at 3:00 PM David Davis 
>>> wrote:
>>>
 +1 to opening a PUP. Seems like that’s the best way to document the
 policy. I will start working on this.

 David


 On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse 
 wrote:

> +1 to requiring it. I also already have it enabled. Would it be
> possible to either (a) turn this into a short pup and call for a vote or
> (b) add a date to close this email thread decision by?
>
> Let me know if I should help write/review any.
>
> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko <
> ttere...@redhat.com> wrote:
>
>> +1, enabled.
>>
>> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban 
>> wrote:
>>
>>> +1, but I already have it enabled.
>>>
>>> On Thu, Jul 26, 2018 at 3:53 PM, David Davis 
>>> wrote:
>>>
 I got a notification from another organization I am a member of on
 Github[0] that they are going to require Two Factor Authentication[1] 
 in
 response to recent news about some malicious code being shipped in a
 compromised npm package[2].

 We are vulnerable to having malicious code deployed to PyPI if one
 of our Github accounts is compromised. Thus, I wonder if we should also
 require that people with a commit bit have Two Factor Authentication
 enabled.

 Thoughts?

 [0] https://community.theforeman.org/t/require-2fa-for-githu
 b-organization-members/10404
 [1] https://help.github.com/articles/requiring-two-factor-au
 thentication-in-your-organization/
 [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/

 David

 ___
 Pulp-dev mailing list
 Pulp-dev@redhat.com
 https://www.redhat.com/mailman/listinfo/pulp-dev


>>>
>>> ___
>>> Pulp-dev mailing list
>>> Pulp-dev@redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>>>
>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>>
>
>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>>
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] Requiring 2FA in Github

2018-08-16 Thread Dennis Kliban

+1

On Wed, Aug 15, 2018 at 4:06 PM, Brian Bouterse  wrote:

> +1
>
> tiny grammar fix on the PR requested. Thank you for organizing this!
>
> On Wed, Aug 15, 2018 at 2:10 PM, David Davis 
> wrote:
>
>> Thanks everyone for the feedback. I have opened a PR for PUP-7 which (if
>> approved) will require 2FA for the Pulp organization in Github:
>>
>> https://github.com/pulp/pups/pull/14
>>
>> Feedback welcome. Also, I'd like to call for a vote by August 27, 2018.
>> Per PUP-1[0], are the voting options:
>>
>> +1: "Will benefit the project and should definitely be adopted."
>> +0: "Might benefit the project and is acceptable."
>> -0: "Might not be the right choice but is acceptable."
>> -1: "I have serious reservations that need to be thought through and
>> addressed."
>>
>> [0] https://github.com/pulp/pups/blob/master/pup-0001.md
>>
>> David
>>
>>
>> On Wed, Aug 1, 2018 at 3:00 PM David Davis  wrote:
>>
>>> +1 to opening a PUP. Seems like that’s the best way to document the
>>> policy. I will start working on this.
>>>
>>> David
>>>
>>>
>>> On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse 
>>> wrote:
>>>
 +1 to requiring it. I also already have it enabled. Would it be
 possible to either (a) turn this into a short pup and call for a vote or
 (b) add a date to close this email thread decision by?

 Let me know if I should help write/review any.

 On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko <
 ttere...@redhat.com> wrote:

> +1, enabled.
>
> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban 
> wrote:
>
>> +1, but I already have it enabled.
>>
>> On Thu, Jul 26, 2018 at 3:53 PM, David Davis 
>> wrote:
>>
>>> I got a notification from another organization I am a member of on
>>> Github[0] that they are going to require Two Factor Authentication[1] in
>>> response to recent news about some malicious code being shipped in a
>>> compromised npm package[2].
>>>
>>> We are vulnerable to having malicious code deployed to PyPI if one
>>> of our Github accounts is compromised. Thus, I wonder if we should also
>>> require that people with a commit bit have Two Factor Authentication
>>> enabled.
>>>
>>> Thoughts?
>>>
>>> [0] https://community.theforeman.org/t/require-2fa-for-
>>> github-organization-members/10404
>>> [1] https://help.github.com/articles/requiring-two-factor-au
>>> thentication-in-your-organization/
>>> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/
>>>
>>> David
>>>
>>> ___
>>> Pulp-dev mailing list
>>> Pulp-dev@redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>>>
>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>>
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>

>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] Requiring 2FA in Github

2018-08-15 Thread Brian Bouterse

+1

tiny grammar fix on the PR requested. Thank you for organizing this!

On Wed, Aug 15, 2018 at 2:10 PM, David Davis  wrote:

> Thanks everyone for the feedback. I have opened a PR for PUP-7 which (if
> approved) will require 2FA for the Pulp organization in Github:
>
> https://github.com/pulp/pups/pull/14
>
> Feedback welcome. Also, I'd like to call for a vote by August 27, 2018.
> Per PUP-1[0], are the voting options:
>
> +1: "Will benefit the project and should definitely be adopted."
> +0: "Might benefit the project and is acceptable."
> -0: "Might not be the right choice but is acceptable."
> -1: "I have serious reservations that need to be thought through and
> addressed."
>
> [0] https://github.com/pulp/pups/blob/master/pup-0001.md
>
> David
>
>
> On Wed, Aug 1, 2018 at 3:00 PM David Davis  wrote:
>
>> +1 to opening a PUP. Seems like that’s the best way to document the
>> policy. I will start working on this.
>>
>> David
>>
>>
>> On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse 
>> wrote:
>>
>>> +1 to requiring it. I also already have it enabled. Would it be possible
>>> to either (a) turn this into a short pup and call for a vote or (b) add a
>>> date to close this email thread decision by?
>>>
>>> Let me know if I should help write/review any.
>>>
>>> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko <
>>> ttere...@redhat.com> wrote:
>>>
 +1, enabled.

 On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban 
 wrote:

> +1, but I already have it enabled.
>
> On Thu, Jul 26, 2018 at 3:53 PM, David Davis 
> wrote:
>
>> I got a notification from another organization I am a member of on
>> Github[0] that they are going to require Two Factor Authentication[1] in
>> response to recent news about some malicious code being shipped in a
>> compromised npm package[2].
>>
>> We are vulnerable to having malicious code deployed to PyPI if one of
>> our Github accounts is compromised. Thus, I wonder if we should also
>> require that people with a commit bit have Two Factor Authentication
>> enabled.
>>
>> Thoughts?
>>
>> [0] https://community.theforeman.org/t/require-2fa-
>> for-github-organization-members/10404
>> [1] https://help.github.com/articles/requiring-two-factor-
>> authentication-in-your-organization/
>> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/
>>
>> David
>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>>
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>

 ___
 Pulp-dev mailing list
 Pulp-dev@redhat.com
 https://www.redhat.com/mailman/listinfo/pulp-dev


>>>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] Requiring 2FA in Github

2018-08-15 Thread David Davis

Thanks everyone for the feedback. I have opened a PR for PUP-7 which (if
approved) will require 2FA for the Pulp organization in Github:

https://github.com/pulp/pups/pull/14

Feedback welcome. Also, I'd like to call for a vote by August 27, 2018. Per
PUP-1[0], are the voting options:

+1: "Will benefit the project and should definitely be adopted."
+0: "Might benefit the project and is acceptable."
-0: "Might not be the right choice but is acceptable."
-1: "I have serious reservations that need to be thought through and
addressed."

[0] https://github.com/pulp/pups/blob/master/pup-0001.md

David


On Wed, Aug 1, 2018 at 3:00 PM David Davis  wrote:

> +1 to opening a PUP. Seems like that’s the best way to document the
> policy. I will start working on this.
>
> David
>
>
> On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse 
> wrote:
>
>> +1 to requiring it. I also already have it enabled. Would it be possible
>> to either (a) turn this into a short pup and call for a vote or (b) add a
>> date to close this email thread decision by?
>>
>> Let me know if I should help write/review any.
>>
>> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko <
>> ttere...@redhat.com> wrote:
>>
>>> +1, enabled.
>>>
>>> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban 
>>> wrote:
>>>
 +1, but I already have it enabled.

 On Thu, Jul 26, 2018 at 3:53 PM, David Davis 
 wrote:

> I got a notification from another organization I am a member of on
> Github[0] that they are going to require Two Factor Authentication[1] in
> response to recent news about some malicious code being shipped in a
> compromised npm package[2].
>
> We are vulnerable to having malicious code deployed to PyPI if one of
> our Github accounts is compromised. Thus, I wonder if we should also
> require that people with a commit bit have Two Factor Authentication
> enabled.
>
> Thoughts?
>
> [0]
> https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404
> [1]
> https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/
> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/
>
> David
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>

 ___
 Pulp-dev mailing list
 Pulp-dev@redhat.com
 https://www.redhat.com/mailman/listinfo/pulp-dev


>>>
>>> ___
>>> Pulp-dev mailing list
>>> Pulp-dev@redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>>>
>>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] Requiring 2FA in Github

2018-08-01 Thread David Davis

+1 to opening a PUP. Seems like that’s the best way to document the policy.
I will start working on this.

David


On Mon, Jul 30, 2018 at 2:21 PM Brian Bouterse  wrote:

> +1 to requiring it. I also already have it enabled. Would it be possible
> to either (a) turn this into a short pup and call for a vote or (b) add a
> date to close this email thread decision by?
>
> Let me know if I should help write/review any.
>
> On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko  > wrote:
>
>> +1, enabled.
>>
>> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban 
>> wrote:
>>
>>> +1, but I already have it enabled.
>>>
>>> On Thu, Jul 26, 2018 at 3:53 PM, David Davis 
>>> wrote:
>>>
 I got a notification from another organization I am a member of on
 Github[0] that they are going to require Two Factor Authentication[1] in
 response to recent news about some malicious code being shipped in a
 compromised npm package[2].

 We are vulnerable to having malicious code deployed to PyPI if one of
 our Github accounts is compromised. Thus, I wonder if we should also
 require that people with a commit bit have Two Factor Authentication
 enabled.

 Thoughts?

 [0]
 https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404
 [1]
 https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/
 [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/

 David

 ___
 Pulp-dev mailing list
 Pulp-dev@redhat.com
 https://www.redhat.com/mailman/listinfo/pulp-dev


>>>
>>> ___
>>> Pulp-dev mailing list
>>> Pulp-dev@redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>>>
>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>>
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] Requiring 2FA in Github

2018-07-30 Thread Brian Bouterse

+1 to requiring it. I also already have it enabled. Would it be possible to
either (a) turn this into a short pup and call for a vote or (b) add a date
to close this email thread decision by?

Let me know if I should help write/review any.

On Sat, Jul 28, 2018 at 6:09 AM, Tatiana Tereshchenko 
wrote:

> +1, enabled.
>
> On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban 
> wrote:
>
>> +1, but I already have it enabled.
>>
>> On Thu, Jul 26, 2018 at 3:53 PM, David Davis 
>> wrote:
>>
>>> I got a notification from another organization I am a member of on
>>> Github[0] that they are going to require Two Factor Authentication[1] in
>>> response to recent news about some malicious code being shipped in a
>>> compromised npm package[2].
>>>
>>> We are vulnerable to having malicious code deployed to PyPI if one of
>>> our Github accounts is compromised. Thus, I wonder if we should also
>>> require that people with a commit bit have Two Factor Authentication
>>> enabled.
>>>
>>> Thoughts?
>>>
>>> [0] https://community.theforeman.org/t/require-2fa-for-githu
>>> b-organization-members/10404
>>> [1] https://help.github.com/articles/requiring-two-factor-au
>>> thentication-in-your-organization/
>>> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/
>>>
>>> David
>>>
>>> ___
>>> Pulp-dev mailing list
>>> Pulp-dev@redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>>>
>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>>
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] Requiring 2FA in Github

2018-07-28 Thread Tatiana Tereshchenko

+1, enabled.

On Fri, Jul 27, 2018 at 12:02 AM, Dennis Kliban  wrote:

> +1, but I already have it enabled.
>
> On Thu, Jul 26, 2018 at 3:53 PM, David Davis 
> wrote:
>
>> I got a notification from another organization I am a member of on
>> Github[0] that they are going to require Two Factor Authentication[1] in
>> response to recent news about some malicious code being shipped in a
>> compromised npm package[2].
>>
>> We are vulnerable to having malicious code deployed to PyPI if one of our
>> Github accounts is compromised. Thus, I wonder if we should also require
>> that people with a commit bit have Two Factor Authentication enabled.
>>
>> Thoughts?
>>
>> [0] https://community.theforeman.org/t/require-2fa-for-
>> github-organization-members/10404
>> [1] https://help.github.com/articles/requiring-two-factor-au
>> thentication-in-your-organization/
>> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/
>>
>> David
>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>>
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] Requiring 2FA in Github

2018-07-26 Thread Dennis Kliban

+1, but I already have it enabled.

On Thu, Jul 26, 2018 at 3:53 PM, David Davis  wrote:

> I got a notification from another organization I am a member of on
> Github[0] that they are going to require Two Factor Authentication[1] in
> response to recent news about some malicious code being shipped in a
> compromised npm package[2].
>
> We are vulnerable to having malicious code deployed to PyPI if one of our
> Github accounts is compromised. Thus, I wonder if we should also require
> that people with a commit bit have Two Factor Authentication enabled.
>
> Thoughts?
>
> [0] https://community.theforeman.org/t/require-2fa-
> for-github-organization-members/10404
> [1] https://help.github.com/articles/requiring-two-factor-
> authentication-in-your-organization/
> [2] https://www.theregister.co.uk/2018/07/12/npm_eslint/
>
> David
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

[Pulp-dev] Requiring 2FA in Github

2018-07-26 Thread David Davis

I got a notification from another organization I am a member of on
Github[0] that they are going to require Two Factor Authentication[1] in
response to recent news about some malicious code being shipped in a
compromised npm package[2].

We are vulnerable to having malicious code deployed to PyPI if one of our
Github accounts is compromised. Thus, I wonder if we should also require
that people with a commit bit have Two Factor Authentication enabled.

Thoughts?

[0]
https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404
[1]
https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/
[2] https://www.theregister.co.uk/2018/07/12/npm_eslint/

David
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] Requiring 2FA in Github

Re: [Pulp-dev] Requiring 2FA in Github

Re: [Pulp-dev] Requiring 2FA in Github

Re: [Pulp-dev] Requiring 2FA in Github

Re: [Pulp-dev] Requiring 2FA in Github

Re: [Pulp-dev] Requiring 2FA in Github

Re: [Pulp-dev] Requiring 2FA in Github

Re: [Pulp-dev] Requiring 2FA in Github

Re: [Pulp-dev] Requiring 2FA in Github

Re: [Pulp-dev] Requiring 2FA in Github

Re: [Pulp-dev] Requiring 2FA in Github

[Pulp-dev] Requiring 2FA in Github

12 matches

Site Navigation

Mail list logo

Footer information