Re: Stale proven packagers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Dec 23, 2020 at 12:49 PM Vitaly Zaitsev via devel
<devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

>
> Maybe Fedora should add 2FA support and require it for the most powerful
> groups?
>

It does support it, but AFAIK does not require it.

Arguably those with elevated access (provenpackagers(*))
should be required to use a hardware token such
as a FIDO2 authenticators with biometrics and/or
PIN required (some phones with biometrics are
are equivalent to external tokens) where passwords
themselves can away.  That may be a bridge too
far at this point, but I would like to see that as a goal
to work towards (2021 should be the year passwords
die according to Microsoft).

And then packager cleanup, while still important,
and should be done, might easily be made very
lightweight of reconfirming a CLA once a year (as
Richard suggested) if one wishes to continue to
be a packager (of any type) since the exposure
of compromised account is significantly reduced
for those using something like FIDO2 with
biometrics.




(*) and then consider upping the requirements
over time down the developer chain, perhaps
with the next step(s) being to expand to include
others such as those involved in "core security
related" software (I am not sure I can categorize
that, but I suspect one could come to some
consensus, such as the kernel, openssh, glibc,
etc.), even if not provenpackagers (although
probably most of those people are PPs).
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux