On Tue, 2026-06-16 at 07:26 -0400, Stephen J Smoogen wrote:
> Well you are going to need to get all the other parts of the release system 
> working first to make 2factor work.

Why? I don't understand why you keep saying this.

We already have a 2FA requirement for sysadmin-main, and ~everyone in
sysadmin-main is also a packager (often provenpackager), and we are all
able to do all the things we need to do. I don't understand why you
seem to think it's somehow currently impossible to use 2FA for Fedora
or something?

As someone with 2FA enabled, I have to use my second factor when
authenticating to kerberos in order to be able to submit builds. Yes, I
don't have to use the second factor every time I do a push to dist-git,
at least not currently (though 2FA was required to issue the token the
process uses, and that token can be stored pretty securely). But as
Daniel says, waiting for things to be perfect before having the
requirement doesn't seem sensible. It's still much safer with 2FA on
than without.

Yes, if someone manages to steal my dist-git token they can do pushes
as me with nothing else. But if I had 1FA, they could do the same and
much more by stealing my password, and there are more opportunities to
steal someone's password than their dist-git token.
-- 
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @[email protected]
https://www.happyassassin.net



-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to