On Thursday, 11 June 2026 at 15:46, Michael Catanzaro via devel wrote:
>    I use 2FA for basically everything except Fedora. Yet my Fedora account
>    is one of my highest-value accounts. Compromise a Fedora packager and
>    you can push malware more or less directly to users.
> 
>    I'm afraid Fedora is just not ready for 2FA. Kerberos is currently the
>    biggest problem. No way would I be willing to enable 2FA before
>    gnome-online-accounts is able to handle ticket
>    renewals: 
> https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/work_items/171
[...]

FWIW, I've been using YubiKey-based OTP (via ykman) and fkinit for 2FA with
Fedora account for quite some time now and it works quite well.

Regards
Dominik
-- 
Fedora   https://fedoraproject.org
Deep in the human unconscious is a pervasive need for a logical universe that
makes sense. But the real universe is always one step beyond logic.
        -- from "The Sayings of Muad'Dib" by the Princess Irulan
-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to