Require 2FA on github #47759

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

twoertwein opened this issue Jul 16, 2022 · 1 comment

Labels

Admin

Member

twoertwein commented Jul 16, 2022

Pandas is a "critical" project on pypi: people who can upload wheels to pypi need 2FA enabled on their pypi account. The python project is considering requiring 2FA for all their github members: https://discuss.python.org/t/new-python-organization-repository-policy/17376

How about requiring pandas members to also have 2FA setup for github?

xref #44886 https://pypi.org/security-key-giveaway/

Member

mroeschke commented Jul 18, 2022 •

edited

Loading

I would be +1. I do understand the "requiring volunteers to incur more responsibility" argument though.

Looks like it could be enforced within the pandas-dev organization level https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization

Might be a detail to be included in the governance docs if agreed upon. #47694

mroeschke added the Admin label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment