On Thu, Sep 15, 2022 at 5:55 PM Kevin Fenzi <kevin(a)scrye.com> wrote:
On Thu, Sep 15, 2022 at 09:26:36AM +0300, Alexander Bokovoy wrote:
>
> Proven packagers seem to be a fair category to address. Also packagers
> responsible for security-related bits of the distribution. Compilers?
Perhaps any packager who has a package in one of the critical path lists?
That number (of package(r)s) may be a bit large, though, for an initial cut
(as I recall, the total number of critical path packages is around 1000
in rawhide, although I have no idea how many packagers that is).
As far as I know, it's not possible to enforce OTP per group, is it?
That would be a nice enhancement.
Especially if one would like that any enforcement be semi-automatic
rather than one more manual step when adding people to groups.
> Though with Token2 FIDO2 tokens that cost 14EUR themselves we get close
> enough to a lower boundary.
Yeah, it will still be hard to require 100% of packagers, but it might
be doable.
And, as has been previously pointed out, it is also possible
(although depending on the implementation not as secure) to
use other pkcs11 backends, including software implementations.