On Thu, Sep 15, 2022 at 2:17 AM Samuel Lelièvre <samuel.lelie...@gmail.com> wrote: > Increasingly, services such as GitHub and Google require > users to have a mobile phone number, to share it with them, > and to be able to receive text messages on them in order > to be able to log in or access certain features.
I don't think this is the case of GitHub right now. They do optionally *support* 2-factor authentication (unlike our trac setup), which is a very (very!) good thing from a security point of view. Personally, I enable 2-factor for GitHub and use a generic 2-factor app on my phone. Maybe we should require 2-factor? [1] I would not dismiss your concern about GitHub eventually charging as easily as Dima did. In fact, just two days ago GitLab (not GitHub) noticeably cracked down on free usage https://news.ycombinator.com/item?id=32821682 That said, on GitLab open source projects such as SageMath would still be free, as they have a special application process for open source projects. It is also supposed to be easy to migrate complete projects from GitHub to GitLab if necessary, as that's a key part of GitLab's business model. There is no requirement that all hosting for everything involving SageMath be completely free. [2] My personal biggest fear with GitHub was for a long time "What happens when they get bought by big-company-X?". At least that was answered when Microsoft bought them in 2018 (see [3]); at least now they won't be bought by Oracle (I painfully remember Oracle killing Sun Microsofts literally months after SageMath started getting some *major* marketing and vendor support from Sun.) -- William [1] Related to this, the JupyterLab project this week flipped a switch to *require* all developers with commit access to use 2-factor authentication. We don't have to make that requirement for SageMath, though personally I think we should, since if a hacker were to break into one person's account and sneak bad code into Sage, it could be very bad (for whoever it targets, and also for our reputation). Due to Sage's use in cryptography research, there are very good arguments that Sage would be a high value target for such attacks, e.g., by sophisticated state sponsored entities. [2] E.g., I guess we've been paying to host trac much more than we would pay for GitHub if it weren't free. [3] https://news.microsoft.com/announcement/microsoft-acquires-github/ -- William (http://wstein.org) -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/sage-devel/CACLE5GCg6cwXhXDVwrJGNufu8%2BYVscZDtFjCu-wpX-N9YDO-7Q%40mail.gmail.com.
