Makes sense to me.
On Thu, Dec 8, 2022 at 11:42 AM Floris Bruynooghe wrote:
> I'd also be +1 on this.
>
> Note however that the user in question did have 2FA enabled already and
> indeed this doesn't help for compromised tokens. I think we can force
> some limits on what tokens are allowed,
I'd also be +1 on this.
Note however that the user in question did have 2FA enabled already and
indeed this doesn't help for compromised tokens. I think we can force
some limits on what tokens are allowed, I'm not entirely sure here and
on how restricting this may turn out to be for people.
Hi folks,
I intend to enable the requirement in a few hours, unless someone objects.
Cheers,
Bruno.
On Thu, Dec 8, 2022 at 1:17 PM Bruno Oliveira wrote:
> Hi folks,
>
> Given the recent incident of suspicious activity using a stolen credential
> from a pytest-dev org member, it was suggested
Hi folks,
Given the recent incident of suspicious activity using a stolen credential
from a pytest-dev org member, it was suggested that pytest is high-enough
profile that we should require 2FA for all members.
I'm definitely +1 on this, sending this message here in case someone wants
to voice
Thanks Floris.
Yes, please go ahead and contact the user.
I've posted a thread about this for the Core team in the pytest-dev
Discussions, just for reference:
https://github.com/orgs/pytest-dev/teams/core/discussions/23
Cheers,
Bruno.
On Thu, Dec 8, 2022 at 10:18 AM Floris Bruynooghe wrote:
Hi folks,
Github recently sent an email warning of a member of the pytest-dev org
(I'm purposefully not adding identifiable information here) likely
having a compromised API token that may have been abused. The member in
question only has read access to all but one plugin repository so the