Re: Proposal to the TSC: enable 2FA requirement across all orgs

Arnaud Le Hors

I strongly believe we need to give everyone a fair warning but I don't think we need to wait for several months to pull the trigger either. I'd say a month at most.

This is independent of the fact that 2FA isn't without its own pitfalls...

Arnaud Le Hors - Senior Technical Staff Member, Blockchain & Web Open Technologies - IBM

From: "Ry Jones" <rjones@...>
To: Brian Behlendorf <bbehlendorf@...>
Cc: Andrew Grimberg <agrimberg@...>, TSC <tsc@...>
Date: 06/03/2019 07:21 PM
Subject: Re: [Hyperledger TSC] Proposal to the TSC: enable 2FA requirement across all orgs
Sent by: tsc@...

On Mon, Jun 3, 2019 at 10:00 AM Brian Behlendorf <bbehlendorf@...> wrote:

> Thanks Andy. I'm also guessing it's not possible to require 2FA across
> only some GH repos within a given org.

Correct. This is an org-level setting.

> The quickest/best approach then is likely some sort of survey of
> committers (as measured by commits to any repo over the last say 3
> months) asking each to confirm they're using 2FA.  Then those who
> haven't yet confirmed can be followed up with to make sure there's no
> technical barrier keeping them from moving.  After some window of time
> (say a month), given no technical barriers, it's enabled for all repos
> and orgs.

This is a broader discussion we should have around marketing. In the beginning, anyone
that asked to be a member of the org was invited. Very few members are active. If/when
we move to automated management of repos, there will be a series of policy decisions
to make, distinct from 2FA.

Ry Jones
Community Architect, Hyperledger
