On 2022-10-23 08:32, Ben Cooksley wrote:
Hi all,
This afternoon I updated invent.kde.org [1] to the latest version of
Gitlab, 15.5.
Release notes for this can be found at
https://about.gitlab.com/releases/2022/10/22/gitlab-15-5-released/
There isn't much notable feature wise in this release, however there
have been some bug fixes surrounding the "Rebase without Pipeline"
functionality that was introduced in an earlier update.
As part of securing Invent against recently detected suspicious
activity I have also enabled Mandatory 2FA, which Gitlab will ask you
to configure next time you access it. This can be done using either a
Webauthn token (such as a Yubikey) or TOTP (using the app of choice on
your phone)
Should you lose access to your 2FA device you can obtain a recovery
token to log back in via SSH, see
https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html#generate-new-recovery-codes-using-ssh
for more details on this.
Please let us know if there are any queries on the above.
Hi,
whereas I can see the security benefit, this raises the hurdle for one
time
contributors again a lot.
Before you already had to register to get your merge request,
now you need to setup this too (or at least soon it is mandatory).
I am not sure this is such a good thing.
I see a point that one wants to avoid that e.g. somebody steals my
account
that has enough rights to delete all branches in the Kate repository via
the
web frontend.
Could the 2FA stuff perhaps be limited to people with developer role or
such?
Greetings
Christoph
Thanks,
Ben
Links:
------
[1] http://invent.kde.org
--
Ignorance is bliss...
https://cullmann.io | https://kate-editor.org
