On Mon, Jun 22, 2026 at 04:32:20PM +0000, Gary Buhrmaster wrote:
> On Mon, Jun 22, 2026 at 3:43 PM Daniel P. Berrangé <[email protected]> 
> wrote:
> 
> >
> > IMHO emailing admins is a process of last resort. You definitely need
> > that to be possible, but you don't want users to have to use it as the
> > primary process.
> >
> > When I talk of recovery tokens, I mean a system that is "self service"
> > that does not create a burden / bottleneck on our admins long term.
> 
> I think that is a great goal, but how often does the
> need to recover a token actually happen?[0]  Sure,
> we only have a small number of people with 2FA
> today, but the raw number of recovery incidents
> should be helpful to know (and can be improperly
> extrapolated to estimate the future load on
> the admins).

So far this year there have been 15 requests.

On Mon, Jun 22, 2026 at 04:52:23PM +0000, Zbigniew Jędrzejewski-Szmek wrote:
> 
> That is a good question. Let's say we have 10 reset requests per
> year. Designing, implementing, and perfecting the system to do this
> seems completely overkill.
> 
> Also, going through releng might be good for security.

Note that this goes via infrastructure, but sure...

I think some kind of recovery codes would be nice, but that entire thing
would need to be implemented.

kevin
-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to