Thread Previous • Date Previous • Date Next • Thread Next |
On 2019-11-25 06:08, Wayne Stambaugh wrote:
Hi Mark, Do you mean using a GPG key? I see the gitlab supports signed commits so would that be an adequate solution? I'm fine with this, it'sprobably something we should be doing anyway. Anyone else object to this?
2FA would be using something like Google Authenticator on your phone, a YubiKey or SMS message code to verify your login on a computer in addition to the password.
The worry is that SSH keys can be added to a compromised account that would allow an attacker to change the code/website/packages/etc.
-S Seth Hillbrand KiCad Services Corporation https://www.kipro-pcb.com +1 530 302 5483 | +1 212 603 9372
Thread Previous • Date Previous • Date Next • Thread Next |