2FA for the entire org #301
Comments
|
Very +1 to step 1, good step toward a better state. No 2fa, no access. wrt the rest, I'm not convinced we need it to be codified that way. Can we just collect all of the objections here and assess now based on that? We've been chasing people for this for at least a year now right? We already have some feedback and afaik none of it provides a strong point against 2fa. The benefits of 2fa stand on their own and I'd hope we could see our way clearly to agreeing whether it's good for the org or not before even progressing down that path (implicit here is that I think we've already made that assessment and voting for step 1 is an endorsement of that). |
@rvagg No, that's not right. We made this A Thing for people in the collaborators team. What we're talking about here is making it A Thing org wide, which will affect hundreds more people who have never been notified about this in any way as far as I know. |
|
What would the concern be though, that would be worth the lack of security? |
@ljharb I'll let someone else answer because I'm totally in favor of 2FA everywhere. What I can tell you is that while I think most people are on board, there was not unanimity about it in a long-running previous private conversation. This issue is a direct result of that conversation. Sorry if I'm being cryptic. |
|
Would it be helpful to tl;dr here any concerns about enabling it everywhere? |
|
#1 concern was equal access to 2 factor authentication tools in all
countries
…On Aug 10, 2017 2:53 PM, "Jordan Harband" ***@***.***> wrote:
Would it be helpful to tl;dr here any concerns about enabling it
everywhere?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#301 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAecV1b7wwiAfObW3bCOc6VICKTWul_nks5sW1GTgaJpZM4OggJg>
.
|
|
Gotcha - in which countries is access to email and/or a textable cellphone number an issue? |
|
I'm +1 to Rich's suggestion for step 1. If makes progress towards the goal and will give us solid data as to whether there are concerns in implementing it repo wide. If we find people having problems when we ask them to use 2fa we can re-evaluate. |
|
Agree with @mhdawson. Plus there are tools we can recommend that just 2fa from a computer, even if it is the same one. While not ideal maybe it could work as a backup. |
|
Picking this up again! Hello, @nodejs/members! If you do not have two-factor authentication enabled on your GitHub account, would you please consider enabling it? I'm advocating for requiring it, and it's much easier to make that case if nearly everyone already has it enabled. :-D Thanks for your consideration! |
|
(I'm removing the |
|
Just wondering, what power do members (for being members) have? For collaborators - someone could cause an inconvenience. |
|
@benjamingr I think members can create teams and repos in |
@benjamingr I'll respond over in the members discussion about this subject. |
|
2FA for the entire org has been enabled. |
|
@Trott How many members were removed because of this (assuming that's how it works). |
|
I have got a mail remove from nodejs. It notices me that enable 2FA. |
|
Yeah, that's definitely how it works. I just got my broken phone back earlier today and after an hour of use, it turned out it was still broken. As a consequence, I temporarily turned off 2FA on many of my accounts. That unfortunately coincided with the enforcement of the policy, which I fully support and which I've actually been pushing at our own company as well, by the way. @Trott Please show some love to a guy who's been without a proper smartphone for several weeks now and let me back in. Needless to say, I've re-enabled 2FA. Sorry for the burden. |
|
@Trott @bnb @freenice12 Same here. |
|
@Trott 2FA is enabled, how to rejoin nodejs org? |
|
@freenice12 I've sent you an invitation to rejoin nodejs-ko team. If you have 2FA enabled, you can accept the invitation. If you don't have 2FA enabled, you can enable it first and then accept the invitation. |
|
@timdb I've sent you an invitation to rejoin nodejs-nl. If you have 2FA enabled, you can accept the invitation. If you don't have 2FA enabled, you can enable it first and then accept the invitation. |
|
Same here, i've been kicked out. I enabled 2FA since. I don't need to be part of nodejs org. Maybe it's useful to remind collaborators of my involvement. |
|
@Trott 2FA is enabled, how to join nodejs org? |
|
@kapouer It unfortunately does not appear to be a terribly active team (last commit to the nodejs-fr repo was October 2015), but I've added you. Maybe it will get going again soon. This issue was opened in October 2017: nodejs/nodejs-fr#88 |
|
@detailyang You should now have an invitation in GitHub for the website team. Thanks. |
|
@artcygn You should now have an invitation in GitHub to rejoin nodejs-ru. Thanks. |
|
@harshadsabne You should now have an invitation in GitHub to rejoin nodejs-hi. Thanks. |
|
@ramimoshe Your username is not showing up as one of the usernames that was removed. If you know what team you were a member of or wish to be a member of, you can request membership. |
|
Hi @Trott , I would like to join nodejs-fr team. Thank you. |
|
@ram-you Done. Everyone else: I may not honor further requests to join new localization teams pending some feedback from Community Committee about how it works these days. |
|
@Trott My fault for not checking my GitHub-only inbox. Is there any chance that I could rejoin? |
|
@laosb You should have an invitation to nodejs-cn team again. Thanks. |
|
I have enabled 2FA. Can anyone send me an invitation? |
|
@anio You should have an invitation to rejoin @nodejs/nodejs-fa (which will also add you to the Localization and members teams). |
|
@Trott Thank you! |
|
@Trott I also lost access to the org somehow. I'm not actively using it, but I did quite enjoy the badge on my profile. |
@feross I don't want to be a killjoy, but I wouldn't want someone else to add people for that reason, so I'm not going to do it myself. If there's a team or working group that you are active on or would like to be more involved with, let's get you set up that way. I can suggest some ideas if you want to hit me up in email / IRC / Twitter. |
|
@Trott Makes sense. |
|
@feross I'd like to point out that your contribution to Node is more than welcome and I'm sure there are many things you can help with :) |
|
@Trott Can you add me back into solaris and freebsd please |
|
@No9 You should now have invitations for both. |
|
@Stichoza OK, you now have an invitation for nodejs-ka. |
|
(As an aside: I'd recommend avoiding the word "guys". It's everywhere and lots of people use it without thinking about it. But it can be perceived as excluding people. There are certainly people who don't perceive it that way, but since some people do, consider using "folks" or "people" or "everyone" or "friends" or nothing at all.) |
|
Hello, I just enabled the two-factor authentication. Can anyone send me an invitation? Thank you! |
|
@pin3da Done! |
|
@Trott could you also add me to https://github.com/nodejs/nodejs-es ? (2FA already done) |
|
Thank you @Trott (: |
|
@krosti You should now have an invitation waiting to be accepted in the GitHub interface. |
|
@Trott done, thanks! |
and others
Is there TSC consensus on step 1 below?
It seems like step 2 and step 3 would not need TSC buy-in. Of course, step 4 would.
/cc @ChALkeR
The text was updated successfully, but these errors were encountered: