On Mon, 11 Dec 2017 18:14:41 +0000, Paul Moore <[email protected]> wrote: > On 11 December 2017 at 18:03, Donald Stufft <[email protected]> wrote: > > So yea, itâs not as good as 2FA only everywhere, but the specific > > circumstances around these specific credentials makes it a reasonable > > usability trade off to allow them. > > Cool. Security is always a usability vs security trade-off, and the > main thing here is not to push the balance too far - we need to > consider the potential issue of putting people off from contributing > as well as the risk of security compromises. (Open source is a hobby > activity for me - when it starts to feel too much like the day job, I > start getting twitchy :-))
Indeed. If 2fa is required for contribution to CPython, I'll stop contributing. Granted, I haven't done many merges lately, but a few is a bigger number than zero :) --David
_______________________________________________ python-committers mailing list [email protected] https://mail.python.org/mailman/listinfo/python-committers Code of Conduct: https://www.python.org/psf/codeofconduct/
