On Tue, Oct 25, 2022 at 1:52 PM Ahmad Samir <[email protected]> wrote: > > On 25/10/22 13:29, Harald Sitter wrote: > > On Tue, Oct 25, 2022 at 1:22 PM Ahmad Samir <[email protected]> wrote: > >> > >> Can a first time contributor create a fork, create multiple/100 MR's and > >> spin up CI jobs? if yes, > >> then, first time contributors can disrupt the system. > >> > >> Weren't there some suspicious accounts that were using our gitlab instance > >> for bitcoin mining (I > >> could be wrong, I vaguely remember someone from Sysadmin team talking > >> about something like that)? > >> were these first time contributors or ones with developer accounts? > > > > I'm sure 2fa doesn't help with that (: > > I am not a cyber security expert, but isn't 2FA comparable to captcha stuff? > it's not hard, but it > takes some extra time.
No. It's neither hard nor does it take time. 2fa is 100% scriptable. HS
