On Thu, Apr 08, 2021 at 12:41:43PM -0700, Kevin Fenzi wrote: ...snip... > > 2. How can we verify identity on people who request the removal of their > last otp? Do we just tell them to make a new account? > > Random ideas: > > * If they are not in any groups, how about we just reset based on email? > * Or perhaps if they are not in any sysadmin* groups? > * If they are Red Hat employees we can use the internal verify thing > * We could use gpg signed email if there is a gpg key assigned to the > account. > * Could we use ssh key to verify them? > > Any thoughts welcome. So, we have at least a half-dozen of these pending now. ;( I'm going to just process them later today unless there's strong objections. My rationale being that we are in a grace period after the new account rollout, we hope to improve things so people can't get in this state as easily, and none of them are in 'high security' groups. We still need a longer term policy, but I don't want all these people locked out while we figure it out. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
