On Wed, 2026-07-01 at 06:13 -0400, Neal Gompa wrote:
> I mean, this one is mostly the fault of FreeIPA. It isn't designed for
> community projects, and shoehorning it into Fedora has resulted in
> this flaw. It won't be fixed because no corporate customer of IdM
> needs it, since the model works for business deployments.
> 
> It isn't going to get fixed because IdM doesn't consider Fedora an
> important customer/stakeholder/etc for feature development.

I don't think this is accurate at all. AFAIK FreeIPA has all the 2FA
support we could ever use - it supports far more sophisticated setups
than we've ever even tried. Alexander gives talks about this stuff
constantly. AFAIK the issues are rather with Ipsilon being ancient and
unmaintained, and integration into trickier workflows like fedpkg
(since most 2FA things tend to assume you're in a web browser), none of
which FreeIPA can do anything about.
-- 
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @[email protected]
https://www.happyassassin.net



-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to