> The 2FA scheme that we are solely planning to support is U2F/FIDO2, and to
> the best of my knowledge there has so far not been any work on integrating
> this with any krb5 server.
It's not done, but I'm definitely working on this. We deployed
[SPAKE](https://www.ietf.org/id/draft-ietf-kitte
On 4/22/19 11:41 PM, Nicolas Mailhot wrote:
> On Monday, 22 April 2019 at 11:22 -0700, Kevin Fenzi wrote:
>> Greetings.
>>
>> I'm happy to announce that you can now use https to push commits
>> to src.fedoraproject.org.
>
> Awesome. Can it be extended to pagure.io pretty please? For Fedora
> pr
On Mon, 2019-04-22 at 22:06 +0200, Patrick Uiterwijk wrote:
> Hi Simo,
>
> On Mon, 22 Apr 2019 at 20:39, Simo Sorce wrote:
> >
> > Any reason why oidc is required instead of a simple GSSAPI (via
> > mod_auth_gssapi) ?
> > GSSAPI authentication won't require a graphical session to work.
>
> The
On Monday, 22 April 2019 at 11:22 -0700, Kevin Fenzi wrote:
> Greetings.
>
> I'm happy to announce that you can now use https to push commits
> to src.fedoraproject.org.
Awesome. Can it be extended to pagure.io pretty please? For Fedora
projects hosted here, the number of pagure commits dwarfs
Hello, Kevin Fenzi.
Mon, 22 Apr 2019 11:22:27 -0700 you wrote:
> If you are in the packager group you can still push via ssh for now. In time,
> we are planning to deprecate this.
And this is not good. Received HTTPS tokens can be easily stolen. SSH
keys using hardware tokens are much more secure.
Hi Simo,
On Mon, 22 Apr 2019 at 20:39, Simo Sorce wrote:
>
> Any reason why oidc is required instead of a simple GSSAPI (via
> mod_auth_gssapi) ?
> GSSAPI authentication won't require a graphical session to work.
The main reasons for going with OIDC rather than GSSAPI are:
1. User support: we h
Any reason why oidc is required instead of a simple GSSAPI (via
mod_auth_gssapi) ?
GSSAPI authentication won't require a graphical session to work.
Simo.
On Mon, 2019-04-22 at 11:22 -0700, Kevin Fenzi wrote:
> Greetings.
>
> I'm happy to announce that you can now use https to push commits
>
> t
Greetings.
I'm happy to announce that you can now use https to push commits
to src.fedoraproject.org. You will need to use 'fedpkg clone -a'
and have a session with a running browser to do the initial
authentication, but after that everything should be transparent.
Users who are not part of th