Hey,
On Mon, Jan 23, 2023 at 09:56:14PM +0100, Floris Bruynooghe wrote:
> The tidelift message seems to be because they don't have the information
> from pypi, which is fair enough. So they require you to login to
> tidelift and tick a box saying "I've enabled 2FA on PyPI". Which
> TheCompiler h
So I think it already is mandatory, logging into pypi it is enabled and
can not be disabled. Everyone but pfcdayelise have 2FA enabled, I
assume this means they can no longer manage pytest on pypi as long as
they don't enable 2FA. That's probably fine, that's why we have
multiple people.
The tid
Yes that's why the message came to be hehehe.
It will eventually be mandatory, from my understanding.
Cheers
On Sun, Jan 22, 2023 at 6:47 AM Floris Bruynooghe wrote:
> So why does tidelift keep telling us every week this isn't completed?
>
> On Fri 20 Jan 2023 at 10:47 -0300, Bruno Oliveira wr
So why does tidelift keep telling us every week this isn't completed?
On Fri 20 Jan 2023 at 10:47 -0300, Bruno Oliveira wrote:
> Sorry for the noise folks, pytest is a critical project and 2FA will be
> mandatory anyway:
>
> 2FA requirement
>
> Requiring 2FA for this project will require all coll
Sorry for the noise folks, pytest is a critical project and 2FA will be
mandatory anyway:
2FA requirement
Requiring 2FA for this project will require all collaborators to have 2FA
enabled for their individual account. Any collaborator who does not have
2FA enabled will not be able to manage the p
Enabled!
This removed 41 users from the organization, including Holger!
GitHub will contact those users mentioning the reason, hopefully people
will enable 2FA and ask us to rejoin.
Cheers,
Bruno.
On Thu, Dec 8, 2022 at 3:10 PM oliver wrote:
> Makes sense to me.
>
> On Thu, Dec 8, 2022 at 11:
Makes sense to me.
On Thu, Dec 8, 2022 at 11:42 AM Floris Bruynooghe wrote:
> I'd also be +1 on this.
>
> Note however that the user in question did have 2FA enabled already and
> indeed this doesn't help for compromised tokens. I think we can force
> some limits on what tokens are allowed, I'm
I'd also be +1 on this.
Note however that the user in question did have 2FA enabled already and
indeed this doesn't help for compromised tokens. I think we can force
some limits on what tokens are allowed, I'm not entirely sure here and
on how restricting this may turn out to be for people.
Anyw
Hi folks,
I intend to enable the requirement in a few hours, unless someone objects.
Cheers,
Bruno.
On Thu, Dec 8, 2022 at 1:17 PM Bruno Oliveira wrote:
> Hi folks,
>
> Given the recent incident of suspicious activity using a stolen credential
> from a pytest-dev org member, it was suggested t
