Re: Proposal to the TSC: enable 2FA requirement across all orgs


Ry Jones
 

I did an audit of the main org. Slightly over half of our 400 members are not using two factor authentication.

There is no easy way to tie those members to activity in the org.

On Tue, Jun 4, 2019 at 07:15 Arnaud Le Hors <lehors@...> wrote:
I strongly believe we need to give everyone a fair warning but I don't think we need to wait for several months to pull the trigger either. I'd say a month at most.

This is independently of the fact that 2FA isn't without its own pitfalls...
--
Arnaud  Le Hors - Senior Technical Staff Member, Blockchain & Web Open Technologies - IBM




From:        "Ry Jones" <rjones@...>
To:        Brian Behlendorf <bbehlendorf@...>
Cc:        Andrew Grimberg <agrimberg@...>, TSC <tsc@...>
Date:        06/03/2019 07:21 PM
Subject:        Re: [Hyperledger TSC] Proposal to the TSC: enable 2FA requirement across all orgs
Sent by:        tsc@...




On Mon, Jun 3, 2019 at 10:00 AM Brian Behlendorf <bbehlendorf@...> wrote:

Thanks Andy.  I'm also guessing it's not possible to require 2FA across
only some GH repos within a given org.



Correct. This is an org-level setting.

The quickest/best approach then is likely some sort of survey of
committers (as measured by commits to any repo over the last say 3
months) asking each to confirm they're using 2FA.  Then those who
haven't yet confirmed can be followed up with to make sure there's no
technical barrier keeping them from moving.  After some window of time
(say a month), given no technical barriers, it's enabled for all repos
and orgs.



This is a broader discussion we should have around marketing. In the beginning, anyone
that asked to be a member of the org was invited. Very few members are active. If/when
we move to automated management of repos, there will be a series of policy decisions
to make, distinct from 2FA.

Ry
--
Ry Jones
Community Architect, Hyperledger
Chat@rjones



--
Ry Jones
Community Architect, Hyperledger

Join toc@lists.hyperledger.org to automatically receive all group messages.