Dear Committers,
As part of our ongoing commitment to enhance the security of your projects and repositories, we are excited to announce a significant step forward in our cybersecurity measures.
Starting April 30th, we will be enforcing mandatory Two-Factor Authentication (2FA) across all Eclipse Foundation owned GitHub organisations. This move is aimed at bolstering our defences against potential unauthorised access and ensuring the integrity of your repositories and projects.
Current Status and Next Steps:
- For Organisations with Existing Mandatory 2FA:
- No action required. We commend your proactive stance in adopting this essential security measure.
- For Organisations Without Mandatory 2FA, But All Members Have 2FA:
- Plan: We will be transitioning to mandatory 2FA at the organisational level.
- Immediate Action: This email serves as a notification that, starting February 2nd, all new members must have 2FA enabled in order to join. Organisations in this situation will receive a notification when this is enforced.
- For Organisations Without Mandatory 2FA, and Not All Members Have 2FA:
- Impact: Post April 30th, any non-compliant members will temporarily lose write access until they enable 2FA.
- Deadline: Members are required to enable 2FA by April 30th to avoid any disruption to their access.
- Follow-Up: We will communicate reminders through project-specific -dev mailing lists and directly to individuals lagging in compliance.
Why is this Important?
The security of your projects and the integrity of your code are paramount. Implementing 2FA across all GitHub organisations is a critical step in safeguarding against unauthorised access and potential security breaches.
How to Enable 2FA?
Need Help?
Thank you for your cooperation and commitment to the security of the Eclipse Foundation's projects and infrastructure.
Cheers,
Mikaël Barbero
Head of Security | Eclipse Foundation