Il 17/06/24 22:20, Zbigniew Jędrzejewski-Szmek ha scritto: > Proven packagers, > > we changed [2,3] the FESCo policy document [1] for provenpackagers to say: > > "Provenpackagers SHOULD have two-factor-authentication (2FA) enabled for their FAS accounts." > > This is not enforced or checked, but please take steps to conform > to the policy if you haven't yet. > > [1] https://docs.fedoraproject.org/en-US/fesco/Provenpackager_policy/ > [2] It's not visible on the web yet, because antora is doing its thing … slowly. > [3] https://pagure.io/fesco/issue/3186 > > Zbyszek Perhaps it's a stupid idea, but we already have ssh public keys stored in fas, would it be possible for fkinit to use the private key as second factor? That way, on a system which is considered secure (it has the private key stored in it) we would only require the user to enter the FAS password, while on a smartphone or a temporary device the password+otp would still be required. Mattia -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
