[arch-dev-public] Enforcing 2FA in GitHub organization
Hi all, I want to enable mandatory two-factor authentication in our GitHub organization. Few of you unfortunately don't use it and will be effectively removed when I flip the switch, which I plan to do next week, 6th July. allanbrokeit anthraxx Atsutane Bluewind brain0 City-busz djgera eli-schwartz foutrelis lordheavy phrakture SantiagoTorres seblu shibumi vesath wonder Bartłomiej
[2018-06-29 10:09:21 +0200] Bartłomiej Piotrowski via arch-dev-public:
No worries as far as I'm concerned: I only use GitHub once every other year... -- Gaetan
Em junho 29, 2018 5:09 Bartłomiej Piotrowski via arch-dev-public escreveu:
Hi Bartłomiej, I'm the manager of a github organization with more than 4k repos. Enabling mandatory 2FA is a good start. But there are some more things I would like to do: - Disable the permission for repository deletion by members (even with admin on the repo). Only owners should be able to delete repositories upon request. - Reduce the number of owners to a bare minimum. - Review all the 3rd party access and integration (so far I only saw travis). Also, I do have some scripts that use github's API to work with github's audit logs. Perhaps we can add something to our monitoring. Regards, Giancarlo Razzolini
Em junho 29, 2018 5:09 Bartłomiej Piotrowski via arch-dev-public escreveu:
Hi All, I have just enabled 2FA for the archlinux organization on github. The following users were removed: allanbrokeit brain0 City-busz djgera lordheavy phrakture seblu vesath wonder These users need to enable 2FA on their accounts and ask one of the owners to add them back to the organization. Regards, Giancarlo Razzolini
participants (3)
-
Bartłomiej Piotrowski
-
Gaetan Bisson
-
Giancarlo Razzolini