Great discussion topic, but turning on or mandating 2FA for committer accounts is a complex topic, so we definitely need some focused discussion on what specific issues we have - either for security risk from committer accounts, or social factors given that the ASF has thousands of committers, many of whom may only use their accounts rarely.
One difference in security posture versus traditional organizations is that Apache's committers are not connected with employment; thus we have many long-lived committer accounts. Many committers keep working on their Apache project across multiple employers; we also likely have many committers who stop contributing (and possibly forget about their accounts) once they change employers. That means many of the traditional $BigCo mitigation policies around corporate access control and employment changes don't really apply here; and it's likely we have proportionally more "dormant" accounts (from people who've stopped committing, but never told us) than most other organizations.

On the flip side, unless a committer explicitly renounces their account, they can always come back to our stable infra team to request access again if they choose to start contributing again after a hiatus.

Relatedly, for projects using GitHub, Infra policy already requires that Apache committers have set up 2FA with GitHub and explicitly linked their Apache ID and GitHub ID - so in that case, code commits are absolutely protected with 2FA through GitHub's systems.

Hope that helps,

-- 
- Shane Curcuru
Member
The Apache Software Foundation