On 11 December 2017 at 18:03, Donald Stufft <don...@stufft.io> wrote: > So yea, it’s not as good as 2FA only everywhere, but the specific > circumstances around these specific credentials makes it a reasonable > usability trade off to allow them.
Cool. Security is always a usability vs security trade-off, and the main thing here is not to push the balance too far - we need to consider the potential issue of putting people off from contributing as well as the risk of security compromises. (Open source is a hobby activity for me - when it starts to feel too much like the day job, I start getting twitchy :-)) Paul _______________________________________________ python-committers mailing list python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers Code of Conduct: https://www.python.org/psf/codeofconduct/
