Hi,

On 17-Jun-26 18:51, Adam Williamson wrote:
> On Tue, 2026-06-16 at 07:26 -0400, Stephen J Smoogen wrote:
>> Well you are going to need to get all the other parts of the release system 
>> working first to make 2factor work.
> 
> Why? I don't understand why you keep saying this.
> 
> We already have a 2FA requirement for sysadmin-main, and ~everyone in
> sysadmin-main is also a packager (often provenpackager), and we are all
> able to do all the things we need to do. I don't understand why you
> seem to think it's somehow currently impossible to use 2FA for Fedora
> or something?
> 
> As someone with 2FA enabled, I have to use my second factor when
> authenticating to kerberos in order to be able to submit builds. Yes, I
> don't have to use the second factor every time I do a push to dist-git,
> at least not currently (though 2FA was required to issue the token the
> process uses, and that token can be stored pretty securely). But as
> Daniel says, waiting for things to be perfect before having the
> requirement doesn't seem sensible. It's still much safer with 2FA on
> than without.
> 
> Yes, if someone manages to steal my dist-git token they can do pushes
> as me with nothing else. But if I had 1FA, they could do the same and
> much more by stealing my password, and there are more opportunities to
> steal someone's password than their dist-git token.

FWIW I've 2 factor enabled for quite a while now and it has never
gotten in the way of me doing any packaging work.

As Adam says, one needs to get a kerberos token from the commandline
and then everything just works.

Regards,

Hans


-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to