See also https://discuss.python.org/t/remove-coordinator-role-of-inactive-coordinators-on-bugs-python-org/866 for the security of bugs.python.org. So far, no action was taken. Inactive coordinators kept their permission.
For GitHub, I'm using a Yubikey and FreeOTP for the 2FA. Victor On Mon, Jun 14, 2021 at 9:38 PM Brett Cannon <br...@python.org> wrote: > > I have discovered someone tried to break into my GitHub account (you can > check yourself by going to https://github.com/settings/security-log and > looking for "failed to login" attempts for potentially odd geographical > locations for yourself). CPython probably would have been the biggest target > for them had they gotten in (my work stuff is all open source and it would > have required breaking into another account). But GitHub has a completely > unique password and MFA turned on, so they were unsuccessful. > > Please make sure you have a unique password for your GitHub account and that > you have 2FA/MFA turned on (I honestly think we should start requiring this; > I'm sure we can get money for folks to get security keys). Other languages > like PHP have been successfully hacked > (https://arstechnica.com/gadgets/2021/03/hackers-backdoor-php-source-code-after-breaching-internal-git-server/), > so this isn't a hypothetical anymore that we would be targets for folks who > want to install a backdoor into one of the world's most popular programming > languages and is now mission-critical for a lot of massive corporations and > governments. > _______________________________________________ > python-committers mailing list -- python-committers@python.org > To unsubscribe send an email to python-committers-le...@python.org > https://mail.python.org/mailman3/lists/python-committers.python.org/ > Message archived at > https://mail.python.org/archives/list/python-committers@python.org/message/IS5ZGCRBBZ2RRRBJO4ZPG6P6XDPSDEYI/ > Code of Conduct: https://www.python.org/psf/codeofconduct/ -- Night gathers, and now my watch begins. It shall not end until my death. _______________________________________________ python-committers mailing list -- python-committers@python.org To unsubscribe send an email to python-committers-le...@python.org https://mail.python.org/mailman3/lists/python-committers.python.org/ Message archived at https://mail.python.org/archives/list/python-committers@python.org/message/OMN6F7JTE6JBGB4NO5S5R5XFVH7OTQ5D/ Code of Conduct: https://www.python.org/psf/codeofconduct/
