On Fri, Jun 19, 2026 at 12:27 PM Vitaly Zaitsev via devel <[email protected]> wrote:
> When a service I rarely use requires a one-time password (OTP), I add it > using KeePassXC and store its secret key in the same database along with > the password. I use TOTP on a separate device only for my primary email > and a few important accounts. I would expect most Fedora packagers, and especially PPs, to consider their FAS account to be important, and would try to implement the spirit of the requirement, and not just the minimal letter of the requirements. > Does this increase security? I don't think so. It reduces the attack surface for the project over all, as only those that do not believe Fedora is (to use your term) important will continue to be more vulnerable than necessary. -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
