Re: Proposal to include obligatory PGP verification of packages from any

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposal to include obligatory PGP verification of packages from any

From:	Stefan Monnier
Subject:	Re: Proposal to include obligatory PGP verification of packages from any repository
Date:	Tue, 20 Oct 2020 01:52:35 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)

> I have not tried to study each point in your message -- there were so
> many -- but I noticed criticism of Savannah for not offering
> two-factor authentication.
>
> When I was asked to do this, I couldn't do it, because it depended on
> carrying a protable listening and surveillance device (aka cellular
> phone).

I don't see why: the way Gitlab does 2FA relies either on TOTP or
on a secure-key (such as the somu), neither of which requires
any kind of network correction (cellular or other).

See https://en.wikipedia.org/wiki/FIDO2_Project
and https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm


        Stefan

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Proposal to include obligatory PGP verification of packages from any repository, (continued)

Prev by Date: Re: ~Make emacs friendlier: package documentation [POC CODE INCLUDED]
Next by Date: Re: adding to emacs coding standard / formatting
Previous by thread: Re: Proposal to include obligatory PGP verification of packages from any repository
Next by thread: Re: Proposal to include obligatory PGP verification of packages from any repository
Index(es):
- Date
- Thread