Gitlab update, 2FA now mandatory

Victoria Fierce tdfischer at hackerbots.net
Tue Oct 25 04:39:32 BST 2022


I would like to think that anyone who either knows /enough/ about KDE that they want to contribute or has used basically any other internet service before coming to KDE is already familiar enough with 2FA that it won't be a problem for them. Our users are smart, our devs are also (often) smart, everyone involved is probably smarter and more capable than we would imagine. If KDE contributions decline for any reason, I don't think it would be for technical ones. My bank needs 2FA, my PayPal needs 2FA, my work needs lordt-knows-how-much 2FA, heck even when I'm using Matrix I need to do some kind of 2FA-ish dance to verify the login and distribute crypto keys.

On Mon, Oct 24, 2022, at 9:19 AM, Christoph Cullmann (cullmann.io) wrote:
> Hi,
>
>>> Could the 2FA stuff perhaps be limited to people with developer role
>>> or such?
>> 
>> It is technically possible to only apply the mandatory 2FA rules to
>> only certain groups as Developer accounts are simply membership in
>> teams/kde-developers.
>> See
>> https://docs.gitlab.com/ee/security/two_factor_authentication.html#enforce-2fa-for-all-users-in-a-group
>> for the documentation on this.
>> 
>> Given that we are using Invent for authenticating our various other
>> services and the users of those aren't necessarily developers (while
>> still having access to sensitive information) it seemed more prudent
>> to enforce 2FA for everyone to ensure all our systems have a minimum
>> baseline of industry best practice protection in place.
>> 
>> This also avoids any issue when people are granted a developer account
>> and suddenly find themselves subject to a new requirement.
>
> I think it is rather worse that now first time contributors have this 
> requirement.
>
> A lot of people already complain "why can I not just use my GitHub
> account", now they need to set this up in addition.
>
> And yes, besides invent.kde.org, I never needed to use my Google Auth
> App besides for some hosting.
>
> All other things I use that have 2FA use different methods that don't
> need any such app on my phone.
>
> Therefore that is more than just 2 clicks for a lot of people.
>
> Greetings
> Christoph
>
> -- 
> Ignorance is bliss...
> https://cullmann.io | https://kate-editor.org


More information about the kde-community mailing list