On Wed, Jun 17, 2026 at 06:51:15PM +0200, Adam Williamson wrote:
> On Tue, 2026-06-16 at 07:26 -0400, Stephen J Smoogen wrote:
> > Well you are going to need to get all the other parts of the release system 
> > working first to make 2factor work.
> 
> Why? I don't understand why you keep saying this.

I don't either.

> We already have a 2FA requirement for sysadmin-main, and ~everyone in
> sysadmin-main is also a packager (often provenpackager), and we are all
> able to do all the things we need to do. I don't understand why you
> seem to think it's somehow currently impossible to use 2FA for Fedora
> or something?

Yeah, it is clearly possible, as FESCo just approved[1] 2FA mandate
for proven-packagers:

     "AGREED: Two-factor authentication will be required for members
     of the provenpackager group. There will be 3 month grace period for
     existing group members, after which users that don't have 2FA set
     up will be removed from the group."

[1] 
https://lists.fedoraproject.org/archives/list/[email protected]/thread/5ZI5NCEXX3PCET7FBD7EYQRGGRK4UD3O/

> As someone with 2FA enabled, I have to use my second factor when
> authenticating to kerberos in order to be able to submit builds. Yes, I
> don't have to use the second factor every time I do a push to dist-git,
> at least not currently (though 2FA was required to issue the token the
> process uses, and that token can be stored pretty securely). But as
> Daniel says, waiting for things to be perfect before having the
> requirement doesn't seem sensible. It's still much safer with 2FA on
> than without.

That only makes sense!

-- 
Kashyap Chamarthy / Red Hat / RISC-V and Fedora

-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to