This is an automated email from the ASF dual-hosted git repository.
piotrz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/royale-asjs.wiki.git
The following commit(s) were added to refs/heads/master by this push:
new 516628d Add information about 2FA token generation for Git push
516628d is described below
commit 516628db1d5205bb0c2fa71f643b577cb8033d21
Author: Piotr Zarzycki <[email protected]>
AuthorDate: Mon Jul 22 16:45:41 2019 +0200
Add information about 2FA token generation for Git push
---
Release-Steps-Jobs-On-Jenkins.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Release-Steps-Jobs-On-Jenkins.md b/Release-Steps-Jobs-On-Jenkins.md
index f15ef94..cee8fc7 100644
--- a/Release-Steps-Jobs-On-Jenkins.md
+++ b/Release-Steps-Jobs-On-Jenkins.md
@@ -15,7 +15,7 @@ The Ant source package is verified in a slightly different
way. The verificatio
## Security
-One reason for so many release steps is that we do not want to store any
credentials on the CI Server, so every time there is something to be pushed to
Git, the release step has to end and request that the RM login to the CI Server
and enter their Github username and password.
+One reason for so many release steps is that we do not want to store any
credentials on the CI Server, so every time there is something to be pushed to
Git, the release step has to end and request that the RM login to the CI Server
and enter their Github username and password. In order to use 2FA
authentication user has to [generate
token](https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line)
and use it as password.
Similarly, when GPG signatures are required, the RM must download the
artifacts to be signed and do the signing locally. The RM's keys should never
be transferred/copied to the CI Server
