I use 2FA for basically everything *except* Fedora. Yet my Fedora account is 
one of my highest-value accounts. Compromise a Fedora packager and you can push 
malware more or less directly to users.

I'm afraid Fedora is just not ready for 2FA. Kerberos is currently the biggest 
problem. No way would I be willing to enable 2FA before gnome-online-accounts 
is able to handle ticket renewals: 
https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/work_items/171

And even if gnome-online-accounts could theoretically handle 2FA, I still 
wouldn't be willing to enable it to see whether it works, because if it doesn't 
work there is no way to disable 2FA without requesting admin intervention.

Presumably almost everybody agrees that we should eventually require 2FA. But 
first we need to get everything working well, and we're not close yet. Then it 
ought to be optional for a year or two *after* that point so we can try it out 
without fear that we will be locked in if there are problems, so we can 
complete the transition smoothly.
-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to