Re: The authenticity of pkgs.fedoraproject.org

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 11, 2021 at 07:59:55AM +0100, Petr Pisar wrote:
> On Fri, Jan 08, 2021 at 09:34:02AM -0800, Kevin Fenzi wrote:
> > * drop ssh commits entirely sometime and move to https / token. 
> > 
> Token - Do you mean a pregenerated password which users store on their file
> system and which expires after three monts and the users needs to fiddle with
> some web pages to generate a new one? As Pagure does? In my opinion it is
> a terrible user experience and it's less safe. I recommend Kerberos.

Yes, tokens. Kerberos is not very feasable due to various constraints. 

But nothing is set yet, we are still exploring the best options. 

kevin

Attachment: signature.asc
Description: PGP signature

_______________________________________________
packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Forum]     [KDE Users]

  Powered by Linux