Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [scout-dev] Request for Enforcing Two-Factor Authentication for All Committers
  • From: Claudio Guglielmo <Claudio.Guglielmo@xxxxxxxxxxxxxxxx>
  • Date: Tue, 21 Mar 2023 14:43:33 +0000
  • Accept-language: de-CH, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bsi-software.com; dmarc=pass action=none header.from=bsi-software.com; dkim=pass header.d=bsi-software.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CIHotvDhmBcKggt36JeYSWh+VUtyO1cII90I61ZIPbc=; b=bkkpV7mBjFJ+j/90s5ehaYa3iAyTcL4/hVROo86bgbS6A/GXKlEevkACRUuLyVtNOqcBKEiTdCM7FsFJmnE0mI7lm3LrJ4gekhXzwFouvIkMbusLFAB0e5H6myPFK2riuqNp+5Zs5aDxgdF96f1/RSlgtdDedhYTPRJLFn8ktBaH82RGGYg8JSp33HfDq8pNuKN5iDDbxETlis4q+vikODZpbLrzHsn10VmrskVzO6zMygs62wEMER6NIJOitc8HUa3cUDv61rXsKJFzivuhOca6vd8dz4bICgXc8ksjezVtpNpRBogavSehArMBaV3QlPmrAJO3IAUZpL/BVRMGzg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RzGQ/IgQoYV8LRwZIUYn5cTGB+OMl6LM/ItD1dNtKsnMJmo17GT+WykbfpB4cMwpNS9bNt0camtP6Iy8bbn3p+iQ8Hh41ZPymPOKxqUbB/JfezPO9yzMfQfbKMmjUYQESm3lbgKrIai7d5gkmQEsiCmonZiAfamuG8ZKxJDGcfWaDap0FXNvMMZzj9QVF9uh4irrd/cUkn/jKtiLLxvCDyCcVNHkIPn5saHLMRClF3nPB5n7Xl0jv+V0nAezECmgK46iYpjrh1hoAcn2jv60BrGtbWlzqxJSbUTJS8bb6RpqvoZ46MA/9SoeugpXnbSh7LujAyQtEjTh5z4DgQbCUg==
  • Delivered-to: scout-dev@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/scout-dev/>
  • List-help: <mailto:scout-dev-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/scout-dev>, <mailto:scout-dev-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/scout-dev>, <mailto:scout-dev-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AQHZTTIZKmLRNLEo3kiilsI0gEc57q7tjmvQgAuNPICADE7sAIAAAbWw
  • Thread-topic: [scout-dev] Request for Enforcing Two-Factor Authentication for All Committers

Yes, that’s fine. Thank you!

 

Von: Mikael Barbero <mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx>
Gesendet: Dienstag, 21. März 2023 15:36
An: Claudio Guglielmo <Claudio.Guglielmo@xxxxxxxxxxxxxxxx>
Cc: Mailing list for Eclipse Scout developer discussion <scout-dev@xxxxxxxxxxx>
Betreff: Re: [scout-dev] Request for Enforcing Two-Factor Authentication for All Committers

 

Is it still ok to enforce 2FA starting tomorrow?

 

Cheers,


Mikaël Barbero 

Head of Security | Eclipse Foundation

🐦 @mikbarbero

Eclipse Foundation: The Platform for Open Innovation and Collaboration

 

 



On 13 Mar 2023, at 19:38, Mikael Barbero <mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx> wrote:

 

Thank you Claudio for your positive response. I've created a ticket on the Foundation's help desk to track this effort: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/2806

 

I've scheduled the enforcement to be enabled on March 22nd. Feel free to comment on it if you want the date to be changed.

 

Cheers,


Mikaël Barbero 

Head of Security | Eclipse Foundation

🐦 @mikbarbero

Eclipse Foundation: The Platform for Open Innovation and Collaboration

 

 



On 6 Mar 2023, at 11:19, Claudio Guglielmo <Claudio.Guglielmo@xxxxxxxxxxxxxxxx> wrote:

 

Hi Mikael

 

Thank you for reaching out. Enforcing 2FA seems reasonable, so I asked our committers to enable 2FA. I think we can start enforcing it in one or two weeks.

 

Cheers,

Claudio

 

Von: scout-dev <scout-dev-bounces@xxxxxxxxxxx> Im Auftrag von Mikael Barbero via scout-dev
Gesendet: Donnerstag, 2. März 2023 19:08
An: scout-dev@xxxxxxxxxxx
Cc: Mikael Barbero <mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx>
Betreff: [scout-dev] Request for Enforcing Two-Factor Authentication for All Committers

 

Some people who received this message don't often get email from scout-dev@xxxxxxxxxxx. Learn why this is important

Dear Eclipse Scout Team,

 

I am reaching out to request that your project enforces two-factor authentication (2FA) for all committers at GitHub. We, at the Eclipse Foundation, take the security of your project's code and data very seriously. Enforcing 2FA can greatly improve the security of your project and protect it from potential security breaches.

 

As you may know, 2FA adds an extra layer of security to the login process by requiring users to provide two forms of authentication: something they know (such as a password) and something they have (such as a security key or smartphone). This significantly reduces the risk of unauthorized access to sensitive information, as it makes it much more difficult for hackers to gain access to user accounts. With the increasing number of security breaches and cyberattacks, it is crucial for open source projects to take extra precautions to secure their code and data. Enforcing 2FA for all committers would be a simple yet effective way to enhance the security of your project. See a blog post of mine for additional details.

 

We understand that implementing 2FA may require some effort, but we are here to help. If you want to start enforcing it, just open a ticket on the Eclipse Foundation help desk. I can already tell you that less than 50% of committers have 2FA activated in your GitHub organization.

 

Finally, I would like to remind you that GitHub will eventually enforce 2FA for all projects by the end of the year. Take the lead on that and start right now!

 

Thank you for your time and consideration. I look forward to your response.

 

Cheers,


Mikaël Barbero 

Head of Security | Eclipse Foundation

🐦 @mikbarbero

Eclipse Foundation: The Platform for Open Innovation and Collaboration

 

 

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Back to the top