[python-committers] Security: please enable 2-factor authentication on GitHub and your email
Paul Moore
p.f.moore at gmail.com
Mon Dec 11 13:14:41 EST 2017
On 11 December 2017 at 18:03, Donald Stufft <donald at stufft.io> wrote:
> So yea, it’s not as good as 2FA only everywhere, but the specific
> circumstances around these specific credentials makes it a reasonable
> usability trade off to allow them.
Cool. Security is always a usability vs security trade-off, and the
main thing here is not to push the balance too far - we need to
consider the potential issue of putting people off from contributing
as well as the risk of security compromises. (Open source is a hobby
activity for me - when it starts to feel too much like the day job, I
start getting twitchy :-))
Paul
More information about the python-committers
mailing list