[python-committers] Security: please enable 2-factor authentication on GitHub and your email
R. David Murray
rdmurray at bitdance.com
Mon Dec 11 14:52:54 EST 2017
On Mon, 11 Dec 2017 18:14:41 +0000, Paul Moore <p.f.moore at gmail.com> wrote:
> On 11 December 2017 at 18:03, Donald Stufft <donald at stufft.io> wrote:
> > So yea, it’s not as good as 2FA only everywhere, but the specific
> > circumstances around these specific credentials makes it a reasonable
> > usability trade off to allow them.
>
> Cool. Security is always a usability vs security trade-off, and the
> main thing here is not to push the balance too far - we need to
> consider the potential issue of putting people off from contributing
> as well as the risk of security compromises. (Open source is a hobby
> activity for me - when it starts to feel too much like the day job, I
> start getting twitchy :-))
Indeed. If 2fa is required for contribution to CPython, I'll stop
contributing. Granted, I haven't done many merges lately, but a few
is a bigger number than zero :)
--David
More information about the python-committers
mailing list