> On Dec 13, 2015, at 5:33 PM, Shane Curcuru <[email protected]> wrote: > > Ross Gardler wrote on 12/13/15 1:01 PM: >> Thanks Sam, wrt to MFA do we, as a community, feel that it is a >> requirement for the GitHub experiment? For the record I do and I will >> say as much in the report unless I'm corrected here. > > Personally if Infra wants to require MFA, then I'm happy to require it, > even if it means slight changes for people to be able to commit there. > > In many other places both policy-wise and action-wise we take great care > to ensure the security and provenance of our code can definitely be tied > to a specific committer. I don't see any reason to lessen that here, > even if it requires the extra MFA setup dance for github's services.
+1
