Re: Proposal to the TSC: enable 2FA requirement across all orgs


Ry Jones
 

On Mon, Jun 3, 2019 at 10:00 AM Brian Behlendorf <bbehlendorf@...> wrote:
Thanks Andy.  I'm also guessing it's not possible to require 2FA across
only some GH repos within a given org.

Correct. This is an org-level setting.

The quickest/best approach then is likely some sort of survey of
committers (as measured by commits to any repo over the last say 3
months) asking each to confirm they're using 2FA.  Then those who
haven't yet confirmed can be followed up with to make sure there's no
technical barrier keeping them from moving.  After some window of time
(say a month), given no technical barriers, it's enabled for all repos
and orgs.

This is a broader discussion we should have around marketing. In the beginning, anyone
that asked to be a member of the org was invited. Very few members are active. If/when
we move to automated management of repos, there will be a series of policy decisions
to make, distinct from 2FA.

Ry
--
Ry Jones
Community Architect, Hyperledger

Join toc@lists.hyperledger.org to automatically receive all group messages.