On Tue, Sep 06, 2022 at 04:14:52PM -0500, Jonathan Wright via devel wrote:
On Tue, Sep 6, 2022 at 3:52 PM Vitaly Zaitsev via devel <
devel(a)lists.fedoraproject.org> wrote:
> On 06/09/2022 19:49, Michael Catanzaro wrote:
> > Of course, hardware authenticators would be even more secure, and it
> > sure seems pretty reasonable to expect that people with commit access to
> > Fedora packages are able to purchase a $25 or 30€ security key [1][2].
>
> Having to pay even $25 for a hobby project is not acceptable, IMO. If
> you want to enforce such a policy, find sponsors and buy devices for all
> Fedora contributors.
>
Fedora must be looked at as more than just a "hobby project" even though it
is a hobby for some.
It's an OS that many rely on and $25 is a somewhat trivial cost for
improved security.
What more, this cost would be amortized over multiple projects. One
hardware key can be used with any number of projects and personal
accounts.
--
Tomasz Torcz “If you try to upissue this patchset I shall be seeking
tomek(a)pipebreaker.pl an IP-routable hand grenade.” — Andrew Morton (LKML)