On Tue, Jun 30, 2026 at 10:42:59AM -0600, Brendan Conoboy wrote:
> - 2FA for all packagers: My team was working on a proposal when FESCo
> invented a lesser process for the change scoped to proven packagers.  We
> assumed the full formal process was needed, but when contemplating
> something similar, FESCo choose a simpler path. We would have engaged
> sooner if we'd known there was a lower bar.

FWIW, the use of a directly filed FESCO ticket to decide on 2FA policy
was consistent with the previous way FESCO handled a suggestion to
mandate 2FA two years ago shortly after the xz incident.

A rollout of 2FA to PP is merely a starting point. We still need a
formal proposal for rolling it out more broadly.

With regards,
Daniel
-- 
|: https://berrange.com       ~~        https://hachyderm.io/@berrange :|
|: https://libvirt.org          ~~          https://entangle-photo.org :|
|: https://pixelfed.art/berrange   ~~    https://fstop138.berrange.com :|

-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to