On Fri, Apr 12, 2024 at 03:45:40PM -0400, Steve Cossette wrote:
What about simply blocking access to the git repos/koji/bodhi for
those
without 2fa?
Well, git I suppose could be a hook that checks the status of the user,
but koji and bodhi don't really have any place to hook that in directly.
They would have to add something in their permissions models to check
for specific actions.
Denying access to koji and bodhi entirely for people without 2fa is...
way too wide. bodhi updates would never get karma from users who didn't
bother to set it up, people just doing scratch builds would be affected,
etc.
So, sure, it's possible, but would be a lot of new code needing written.
kevin