I use 2FA for basically everything *except* Fedora. Yet my Fedora account is one of my highest-value accounts. Compromise a Fedora packager and you can push malware more or less directly to users.
I'm afraid Fedora is just not ready for 2FA. Kerberos is currently the biggest problem. No way would I be willing to enable 2FA before gnome-online-accounts is able to handle ticket renewals: https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/work_items/171 And even if gnome-online-accounts could theoretically handle 2FA, I still wouldn't be willing to enable it to see whether it works, because if it doesn't work there is no way to disable 2FA without requesting admin intervention. Presumably almost everybody agrees that we should eventually require 2FA. But first we need to get everything working well, and we're not close yet. Then it ought to be optional for a year or two *after* that point so we can try it out without fear that we will be locked in if there are problems, so we can complete the transition smoothly.
-- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
