On Tue, Sep 06, 2022 at 04:14:52PM -0500, Jonathan Wright via devel wrote: > On Tue, Sep 6, 2022 at 3:52 PM Vitaly Zaitsev via devel < > devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > > On 06/09/2022 19:49, Michael Catanzaro wrote: > > > Of course, hardware authenticators would be even more secure, and it > > > sure seems pretty reasonable to expect that people with commit access to > > > Fedora packages are able to purchase a $25 or 30€ security key [1][2]. > > > > Having to pay even $25 for a hobby project is not acceptable, IMO. If > > you want to enforce such a policy, find sponsors and buy devices for all > > Fedora contributors. > > > Fedora must be looked at as more than just a "hobby project" even though it > is a hobby for some. > > It's an OS that many rely on and $25 is a somewhat trivial cost for > improved security. What more, this cost would be amortized over multiple projects. One hardware key can be used with any number of projects and personal accounts. -- Tomasz Torcz “If you try to upissue this patchset I shall be seeking tomek@xxxxxxxxxxxxxx an IP-routable hand grenade.” — Andrew Morton (LKML) _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
