On Thu, Apr 11, 2024 at 05:49:27PM -0700, Adam Williamson wrote: > On Fri, 2024-04-12 at 00:09 +0000, Gary Buhrmaster wrote: > > > > What is the best way to formally propose > > that 2FA is required for packagers after > > some date > > There is already a FESCo ticket. https://pagure.io/fesco/issue/3186 / > Please don't discuss there, discuss here; FESCo will vote in that > ticket or a meeting when they feel it appropriate. I was wanting to circle back and add some more info to this thread too. So, right now as far as I know, IPA doesn't have a way to easily say 'require a otp to be enrolled if you want to be added to this group'. We do have a script that can check current members of a group(s) for otp and nag them. This is what we do for sysadmin groups, although we haven't done it in a while. So, if FESCo decided we wanted to enforce 2fa for provenpackagers or whatever, right now that would require some work on some scripting, which I guess would remove people without otp? But then there would still be a window when the user was added and before the script removed them. Or some way for sponsors to check otp status before sponsoring someone, but if thats manually it could be missed. I think in any case it might be good to find all the {proven}packager members without otp and perhaps email them a note about how to set things up, etc. kevin
Attachment:
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
