On Sat, Jun 13, 2026 at 02:51:01PM +0100, Peter Robinson wrote: > On Sat, 13 Jun 2026 at 09:57, Adam Williamson > <[email protected]> wrote: > > > > On Sat, 2026-06-13 at 04:04 +0000, Gary Buhrmaster wrote: > > > On Sat, Jun 13, 2026 at 12:01 AM Michael Catanzaro via devel > > > <[email protected]> wrote: > > > > > > > > OK, I'm convinced you're right. It's time. > > > > -- > > > > > > So, to the "management", how do we > > > make such a 2FA requirement happen? > > > I presume this needs to go through a > > > process to approve any such changes? > > > > I *think* a general 2FA requirement for packagers or provenpackagers > > should go to FESCo? There's FPC, but I think FPC's remit is the > > packaging guidelines, not wider rules like this. > > Or possibly council if it's a policy thing?
Last time this was proposed it went to FESCO https://pagure.io/fesco/issue/3186 I would see Council's role as setting a strategic plan "Secure the Fedora Community", while FESCO would still own the impl of such a plan, of which 2FA for packager accounts is one aspect. So I'd be inclined to re-file ticket 3186 With regards, Daniel -- |: https://berrange.com ~~ https://hachyderm.io/@berrange :| |: https://libvirt.org ~~ https://entangle-photo.org :| |: https://pixelfed.art/berrange ~~ https://fstop138.berrange.com :| -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
