On Mon, 11 Dec 2017 14:52:54 -0500, "R. David Murray" <rdmur...@bitdance.com> wrote: > Indeed. If 2fa is required for contribution to CPython, I'll stop > contributing. Granted, I haven't done many merges lately, but a few > is a bigger number than zero :)
And in case you think this means I don't consider security important: I have been using strong, unique-per-site passwords (and in many cases unique usernames/emails) for many years, and I run my own email server. --David Aside: something I have never understood is the relatively recent craze for enter-username-first-then-go-to-password-screen. Most of the implementations I have encountered tell you if the username is unknown. That reduces the cracker's search space by a considerable amount. Using your email address as the account id has the same problem, magnified. I had already started using unique usernames/emails before that trend happened, to battle spam, but it certainly reinforced my motivation for doing so. I unfortunately haven't gotten around to backfilling a lot of the sites I did sign up to using my primary email address :( _______________________________________________ python-committers mailing list python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers Code of Conduct: https://www.python.org/psf/codeofconduct/
