On Tue, 2022-09-06 at 16:14 -0500, Jonathan Wright via devel wrote:
> On Tue, Sep 6, 2022 at 3:52 PM Vitaly Zaitsev via devel <
> devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > On 06/09/2022 19:49, Michael Catanzaro wrote:
> > > Of course, hardware authenticators would be even more secure, and it
> > > sure seems pretty reasonable to expect that people with commit access to
> > > Fedora packages are able to purchase a $25 or 30€ security key
> > > [1][2].

I think most people would find it not reasonable for contributors to an open source project to pay any amount of cash, even $25, to gain packaging rights. That's tantamount to a membership or entrance fee.

While I think this discussion has gone off the rails, here are my thoughts:

- Why such a focus on FIDO2? It seems that nobody has discussed any alternatives. FIDO2 isn't even necessarily universally acclaimed in the infosec space
- Why such a focus on devices that cost money? I have 2FA enabled on my phone with a free open source TOTP app

Seems that Fedora also has no SOP in place for requisitions or funding devices for its members, otherwise I don't think this discussion would be taking place. Fedora should probably start there first, because once you talk about buying keys, do you also talk about buying Thinkpads and laptops that travel overseas to countries that are on US sanction lists (this is a slippery slope, but do you see where I'm going with this?)

I think mandating software 2FA at a minimum is not that big of a buy-in, anything beyond that poses major complications.