On Tue, 2026-06-16 at 07:26 -0400, Stephen J Smoogen wrote: > Well you are going to need to get all the other parts of the release system > working first to make 2factor work.
Why? I don't understand why you keep saying this. We already have a 2FA requirement for sysadmin-main, and ~everyone in sysadmin-main is also a packager (often provenpackager), and we are all able to do all the things we need to do. I don't understand why you seem to think it's somehow currently impossible to use 2FA for Fedora or something? As someone with 2FA enabled, I have to use my second factor when authenticating to kerberos in order to be able to submit builds. Yes, I don't have to use the second factor every time I do a push to dist-git, at least not currently (though 2FA was required to issue the token the process uses, and that token can be stored pretty securely). But as Daniel says, waiting for things to be perfect before having the requirement doesn't seem sensible. It's still much safer with 2FA on than without. Yes, if someone manages to steal my dist-git token they can do pushes as me with nothing else. But if I had 1FA, they could do the same and much more by stealing my password, and there are more opportunities to steal someone's password than their dist-git token. -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @[email protected] https://www.happyassassin.net -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
