On Thu, Jun 11, 2026 at 11:05 AM Daniel P. Berrangé <[email protected]> wrote: > > IMHO it is not a good look that Fedora continues to allow passwords > alone, given we know we are a high value target, and the consequences > can be potentially far reaching. 2FA isn't a magic solution to all > threats, but continuing to allow passwords alone makes compromising > account credentials too easy.
Don't forget that the actions here happened on Bugzilla, which uses a separate account, and is not necessarily connected to people's FAS accounts (and on GitHub, also not FAS related). I'm not sure that the "classic" bugzilla login supports 2FA *at all* (while FAS does at least to some degree). Fabio -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
