On Thu, Jun 11, 2026 at 3:34 PM Adam Williamson
<[email protected]> wrote:

> I've had 2FA turned on on my account for years, and I deal with it.

So have I (and I do (deal)).  Would I prefer my
FIDO2 key just worked (like it does with github,
and numerous other services)?  Sure.  But the
TOTP token is at least a good first step[0].

> We really, really, really need to mandate
> 2FA for proven packagers at minimum.

When that was last proposed some PP's
said they would leave the project rather
than do so.  I do not know if many still
believe that, or would actually do that,
but even if so, it is long past time to require
2FA (I was of the opinion it was long past
time more than two years ago, so consider
this an echo from the past).



[0] Perfect is the enemy of good enough.
-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to