doc: encourage 2FA before onboarding #8776
/cc @ChALkeR
LGTM
@@ -3,6 +3,12 @@ | |||
This document is an outline of the things we tell new Collaborators at their | |||
onboarding session. | |||
|
|||
## One week before the onboarding session | |||
|
|||
* Ask the new Collaborator if they are using two-factor authentication on their GitHub account. If they are not, suggest that they enable it as their account will have elevated privileges in mamy of the Node.js repositories. |
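Review bot: The added bullet under "One week before the onboarding session" is a single unwrapped line and misspells "many" as "mamy"; wrap it to the line width used by the rest of the file and correct the typo. The rationale "elevated privileges" is also unspecific, so consider naming what those privileges are, and saying what the onboarder should do if the Collaborator declines to enable two-factor authentication.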
typo, here and in the commit message: mamy
Perhaps "strongly suggest". I'd even prefer "wait until they've enabled" but this is probably a discussion that lives someplace else.
@jbergstroem Let's keep it as «suggest» for now and re-evaluate later, there could be some issues with enabling 2FA that we are not aware of, and we don't want to scare new people from being added as collaborators.
Once we collect some feedback/results on this process, we could make it stricter, either by «strongly suggest» or by even enforcing 2FA as a hard requirement.
Isn't this a very lengthy line?
@thefourtheye It's wrapped now. Thanks.
@addaleax typo fixed, thanks!
LGTM with typo fixed
LGTM with a typo fix.
LGTM with fix and postponing the 2fa talk.
Btw, /cc @nodejs/collaborators.
LGTM. However I experienced major disruptions in my dev workflows when I activated this. Obviously there are privileges, but imo git is resilient enough and collaborators usually don't have too many org rights in the beginning, no?
@eljefedelrodeodeljefe I'm curious, what kind of disruptions have you encountered? There are many ways to do 2fa, you don't even have to have a (smart)phone.
@mscdex nothing too blocking, but annoyances like: needing to re-authenticate everywhere, this sometimes not working properly, re-auth in multiple terminals, git clients on the same machine, not being able to quickly pull / clone on remote machines, where you don't store config, especially in non-OSS environments, sometimes auth on remote not even working, the list goes on.
@eljefedelrodeodeljefe Is that with https? I've never had any problems with ssh.
In the onboarding document, add a note to ask the new Collaborator if they are using two-factor authentication on their GitHub account. If they are not, suggest that they enable it as their account will have elevated privileges in many of the Node.js repositories.
LGTM
ugh sausage fingers... sorry
LGTM
In the onboarding document, add a note to ask the new Collaborator if they are using two-factor authentication on their GitHub account. If they are not, suggest that they enable it as their account will have elevated privileges in many of the Node.js repositories.
PR-URL: nodejs#8776
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Ilkka Myller <[email protected]>
Reviewed-By: Сковорода Никита Андреевич <[email protected]>
Reviewed-By: Johan Bergstrom <[email protected]>
Reviewed-By: Robert Jefe Lindstaedt <[email protected]>
Reviewed-By: Myles Borins <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Landed in cad0423
I'm curious, what are the extra privileges?
@AndreasMadsen I believe pushing to master, for example
@thealphanerd I could do that before enabling 2FA.
We encourage 2FA. That is all (at this time). There is currently no connection between "enable 2FA" and "get more privileges" for the typical Collaborator.
2FA is required if you're on the security team, and possibly the build team as well. Do we also have requirements for PGP signing for both of those groups as well? Is this written down anywhere?
Signing what exactly?
Checklist
Affected core subsystem(s)
doc
Description of change
In the onboarding document, add a note to ask the new Collaborator if
they are using two-factor authentication on their GitHub account. If
they are not, suggest that they enable it as their account will have
elevated privileges in mamy of the Node.js repositories.