[arch-dev-public] Enforcing 2FA in GitHub organization

Giancarlo Razzolini grazzolini at archlinux.org
Mon Jul 2 11:57:54 UTC 2018

Em junho 29, 2018 5:09 Bartłomiej Piotrowski via arch-dev-public escreveu:
> Hi all,
> I want to enable mandatory two-factor authentication in our GitHub
> organization. Few of you unfortunately don't use it and will be
> effectively removed when I flip the switch, which I plan to do next
> week, 6th July.
> allanbrokeit
> anthraxx
> Atsutane
> Bluewind
> brain0
> City-busz
> djgera
> eli-schwartz
> foutrelis
> lordheavy
> phrakture
> SantiagoTorres
> seblu
> shibumi
> vesath
> wonder
Hi Bartłomiej,

I'm the manager of a github organization with more than 4k repos. Enabling
mandatory 2FA is a good start. But there are some more things I would like to do:

- Disable the permission for repository deletion by members (even with admin on the repo).
Only owners should be able to delete repositories upon request.
- Reduce the number of owners to a bare minimum.
- Review all the 3rd party access and integration (so far I only saw travis).

Also, I do have some scripts that use github's API to work with github's audit logs. Perhaps
we can add something to our monitoring.

Giancarlo Razzolini
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 870 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20180702/605f9da6/attachment.sig>

More information about the arch-dev-public mailing list