So at issue is that we have no insight into the auth mechanisms at Github. We can't tell if someone has tried to authenticate one time and was successful, or only successful after 500 attempts.
Meanwhile we would lock an account out, and even block the entire IP range for a similar behavior, but we have no clue what's going on in these cases otherwise.

It also means we get a bonus benefit of not relying on passwords for commit access, and having a really robust authentication scheme (people who have MFA enabled choose to add an SSH key to allow commits sans passwords via ssh as opposed to https).

Github sets a cookie for 30 or 45 days once you have authenticated successfully the first time with MFA; you generally don't need to use MFA again for a month or so, unless you are using a public computer.

On Tue, Dec 8, 2015 at 4:23 PM, Sam Ruby <[email protected]> wrote:
> David, you want to answer this one (i.e., why is MFA required)?
>
> - Sam Ruby
>
> On Tue, Dec 8, 2015 at 4:14 PM, Craig L Russell
> <[email protected]> wrote:
>>
>>> On Dec 8, 2015, at 12:15 PM, Sam Ruby <[email protected]> wrote:
>>>
>>> On Tue, Dec 8, 2015 at 1:06 PM, sebb <[email protected]> wrote:
>>>> On 8 December 2015 at 15:50, Sam Ruby <[email protected]> wrote:
>>>>> On Tue, Dec 8, 2015 at 9:20 AM, Jim Jagielski <[email protected]> wrote:
>>>>>>
>>>>>>> On Dec 5, 2015, at 5:21 PM, sebb <[email protected]> wrote:
>>>>>>>
>>>>>>> On 5 December 2015 at 02:21, Sam Ruby <[email protected]> wrote:
>>>>>>>> Repository:
>>>>>>>>
>>>>>>>> https://github.com/apache/whimsy
>>>>>>>
>>>>>>> The SVN repo is still present at
>>>>>>>
>>>>>>> https://svn.apache.org/repos/infra/infrastructure/trunk/projects/whimsy
>>>>>>>
>>>>>>> Is that going to disappear, or can we still update that?
>>>>>
>>>>> That copy is now out of date.
>>>>>
>>>>>> PLEASE KEEP!! I don't want to be forced to use git. The whole idea
>>>>>> is to make it easy for developers, right? And there are a bunch
>>>>>> that are comfortable w/ svn.
>>>>>>
>>>>>> If we provide git functionality for svn-based projects, we should
>>>>>> also provide svn access for git-based ones.
>>>>>
>>>>> GitHub provides svn access[1]. Try it out:
>>>>>
>>>>> svn checkout https://github.com/apache/whimsy
>>>>
>>>> Just checked - seems it's read-only.
>>>
>>> Should be read/write since May of 2010:
>>>
>>> https://github.com/blog/644-subversion-write-support
>>> https://github.com/blog/1178-collaborating-on-github-with-subversion
>>>
>>> I note that:
>>>
>>> 1) you are not listed as a committer in LDAP for whimsy
>>>
>>> 2) you have not associated your githubUsername with your ASF account;
>>> that would be done using https://matt.apache.org/
>>
>> I tried this tool. Signed into my Apache account. Signed into my github
>> account.
>>
>> Seems that to use this, extra authentication is needed on my github account.
>>
>> Why?
>>
>> This affects everything I do with github. ???
>>
>> Craig
>>>
>>> - Sam Ruby
>>>
>>>>> - Sam Ruby
>>>>>
>>>>> [1] https://github.com/blog/626-announcing-svn-support
>>
>> Craig L Russell
>> Architect, Oracle
>> http://db.apache.org/jdo
>> 408 276-5638 mailto:[email protected]
>> P.S. A good JDO? O, Gasp!
>>
