|
From: | Stefan Monnier |
Subject: | Re: Proposal to include obligatory PGP verification of packages from any repository |
Date: | Tue, 20 Oct 2020 01:52:35 -0400 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) |
> I have not tried to study each point in your message -- there were so > many -- but I noticed criticism of Savannah for not offering > two-factor authentication. > > When I was asked to do this, I couldn't do it, because it depended on > carrying a protable listening and surveillance device (aka cellular > phone). I don't see why: the way Gitlab does 2FA relies either on TOTP or on a secure-key (such as the somu), neither of which requires any kind of network correction (cellular or other). See https://en.wikipedia.org/wiki/FIDO2_Project and https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm Stefan
[Prev in Thread] | Current Thread | [Next in Thread] |