[arch-dev-public] Enforcing 2FA in GitHub organization
grazzolini at archlinux.org
Mon Jul 2 11:57:54 UTC 2018
On June 29, 2018 5:09, Bartłomiej Piotrowski via arch-dev-public wrote:
> Hi all,
> I want to enable mandatory two-factor authentication in our GitHub
> organization. A few of you unfortunately don't use it and will be
> effectively removed when I flip the switch, which I plan to do next
> week, 6th July.
I'm the manager of a GitHub organization with more than 4k repos. Enabling
mandatory 2FA is a good start. But there are some more things I would like to do:
- Disable the permission for repository deletion by members (even with admin on the repo).
  Only owners should be able to delete repositories upon request.
- Reduce the number of owners to a bare minimum.
- Review all the 3rd-party access and integration (so far I only saw Travis).
Also, I do have some scripts that use GitHub's API to work with GitHub's audit logs. Perhaps
we can add something to our monitoring.