Re: 2-Factor Authentication for private repos?

On Fri, 22 Aug 2014 12:17:52 +0200
Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> wrote:

> Hi all,
> 
> Xavier pointed me to this article this morning [1] about the
> kernel.org infrastructure now requiring 2-Factor Auth on the git of
> the kernel.

Yeah. 

> We were wondering if this is something that would be worth
> considering for the private repos -main has access to.
> I am leaning towards yes it would be nice, but I do realize that it
> would prevent someone from changing passwords (pushing to the repo),
> not reading/using them (assuming they could clone the repo).
> 
> Thoughts?

Well, our private repos are all on lockbox01... so I'm not sure it
makes much sense to do much there. 

I think it would be nice to explore making our dist-git more secure. 
Not sure all our package maintainers would put up with the setup they
are using at kernel.org, but perhaps. Note that that just allows you to
whitelist the IP you are using. If someone can get an IP that's already
whitelisted they could still use that to attack, and if they compromise
the maintainers' machines they could use the existing whitelist to push
whatever.

Another thought we have had in the past was to set up things so commits
need to be signed. We could have a hook to check that the commit is
signed by the key they list in fas. Again this wouldn't help a
compromised maintainer machine probably, but might be interesting.

I guess the highest level here would be just to require ssh key and
2factor auth to push dist-git commits. That might really annoy
maintainers that push lots of commits though. 

Anyhow, just some thoughts. 

kevin

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
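
The signed-commit hook idea from the message above, as an added example that is not part of the original post or of Fedora's infrastructure code: a `pre-receive` sketch that accepts a push only if every new commit carries a valid signature from the key registered for the pusher. The `KEYMAP` file (standing in for an export of the keys listed in FAS) and the `PUSHER` variable (set by whatever authenticates the SSH session) are assumptions.

```shell
#!/bin/sh
# Added example. KEYMAP and PUSHER are hypothetical names, not Fedora's setup.
KEYMAP="${KEYMAP:-/etc/dist-git/signers.map}"  # lines: "<username> <fingerprint>"

# stdin: GnuPG status lines. Prints the primary-key fingerprint of a valid
# signature, or nothing if the signature or key is bad, expired or revoked.
valid_sig_fpr() {
    awk '$1 != "[GNUPG:]" { next }
         $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
         $2 == "VALIDSIG" && fpr == "" { fpr = toupper(NF >= 12 ? $12 : $3) }
         END { if (!bad && fpr != "") print fpr }'
}

# Prints the fingerprint registered for user $1, or nothing if unknown.
registered_fpr() {
    awk -v u="$1" '$1 == u { print toupper($2); exit }' "$KEYMAP"
}

# stdin: status lines for one commit. Succeeds only if the commit carries a
# valid signature from the key registered for user $1.
signed_by_user() {
    want=$(registered_fpr "$1")
    got=$(valid_sig_fpr)
    [ -n "$want" ] && [ "$got" = "$want" ]
}

is_zero() { case "$1" in *[!0]*) return 1 ;; esac; }

main() {
    rc=0
    while read -r old new ref; do
        is_zero "$new" && continue                  # ref deletion, nothing to check
        if is_zero "$old"; then range="$new --not --all"; else range="$old..$new"; fi
        for c in $(git rev-list $range); do
            # --raw makes git print the GnuPG status lines on stderr
            if ! git verify-commit --raw "$c" 2>&1 </dev/null |
                    signed_by_user "${PUSHER:-}"; then
                echo "rejected: $c ($ref) lacks a valid signature from the pusher's key" >&2
                rc=1
            fi
        done
    done
    return "$rc"
}

# Run the hook only when installed as "pre-receive"; otherwise just define functions.
case "$0" in *pre-receive) main ;; esac
```

The public keys must already be in the keyring of the account that runs the hook, since `git verify-commit` can only validate signatures from keys GnuPG knows. As the message notes, a check like this does not help once the maintainer's own machine, and with it the signing key, is compromised.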
