On Wed, Jul 1, 2026 at 9:33 AM Daniel P. Berrangé <[email protected]> wrote:
> On Tue, Jun 30, 2026 at 10:42:59AM -0600, Brendan Conoboy wrote: > > - 2FA for all packagers: My team was working on a proposal when FESCo > > invented a lesser process for the change scoped to proven packagers. We > > assumed the full formal process was needed, but when contemplating > > something similar, FESCo choose a simpler path. We would have engaged > > sooner if we'd known there was a lower bar. > > FWIW, the use of a directly filed FESCO ticket to decide on 2FA policy > was consistent with the previous way FESCO handled a suggestion to > mandate 2FA two years ago shortly after the xz incident. > > A rollout of 2FA to PP is merely a starting point. We still need a > formal proposal for rolling it out more broadly. > Yes, it appears going that way would have been fine, but evidently it didn't need to be that formal. We view the M2FA4PP decision (grin) as a positive development, as it will surface the issues that need to be managed when we propose including a broader set of groups in the mandate. In the absence of a documented process, discussion usually gets us where we want go, but good process gets us there faster with greater buy-in. So, nothing bad happened here. But something *good* would have happened sooner if we'd known a lower bar was an acceptable way to start things out. Maxwell's suggestion for a pre-feedback norm would help in cases like this. -- Brendan Conoboy / Community Linux Engineering / Red Hat
-- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
