Gitlab update, 2FA now mandatory
Ahmad Samir
a.samirh78 at gmail.com
Tue Oct 25 12:52:10 BST 2022
On 25/10/22 13:29, Harald Sitter wrote:
> On Tue, Oct 25, 2022 at 1:22 PM Ahmad Samir <a.samirh78 at gmail.com> wrote:
>>
>> Can a first time contributor create a fork, create multiple/100 MR's and spin up CI jobs? if yes,
>> then, first time contributors can disrupt the system.
>>
>> Weren't there some suspicious accounts that were using our gitlab instance for bitcoin mining (I
>> could be wrong, I vaguely remember someone from Sysadmin team talking about something like that)?
>> were these first time contributors or ones with developer accounts?
>
> I'm sure 2fa doesn't help with that (:
I am not a cyber security expert, but isn't 2FA comparable to captcha stuff? it's not hard, but it
takes some extra time. Which forum would a spammer target? the one with the "create account and
login immediately" or the one with "create account, verify captcha hell, verify email address"?
--
Ahmad Samir
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://mail.kde.org/pipermail/kde-community/attachments/20221025/4e1bb76e/attachment.sig>
More information about the kde-community
mailing list