Oh no! a wild security feature for @forgejo has appeared that even Github doesn't have! https://codeberg.org/forgejo/forgejo/pulls/4662
This profile might be incomplete.
Open on social.linux.pizza Gustedprefers-color-scheme:
dark
Keyoxide:
Contact infoWebsite:
Personal infoAbout:
I’m aware (and the NSA is), that I’m pretty 🌈. Gallium + Yttrium
Wall 2 posts
Oh no! a wild security feature for @forgejo has appeared that even Github doesn't have! https://codeberg.org/forgejo/forgejo/pulls/4662 Hello everyone, if you're reading about the #gitea changes. It could benefit to understand the full picture, I've written a summary of what happened today and as well what @dachary, @humanetech and I found out today.
Show previous comments
@Gusted @dachary @humanetech (Disclaimer: I am Red Hat's EMEA Evangelist since many years) Well, this is what happens when you talk with VC. They want exclusivity on trademarks, intellectual property etc. And no, they typically don't want this to happen in the open. Secrecy is always a requirement for them. But now that it all is in the spotlight, the community can ask fro more clarification and garantuees. In a respectful way. Not by flamewars everywhere ;) @Gusted @dachary @humanetech “I’m looking for VC money, a few millions” – this, combined with the announcement yesterday, actually has me more worried. It shows that either Lunny doesn’t understand what VC is or that there’s a desire to make a lot of money with Gitea in a way that isn’t compatible with being a community project. “Enterprise version” plans are not great either. Just look at GitLab. CodeBerg might want to consider sustaining their own fork while the codebase is still simple. |
> Something that has come up in these situations is that such people usually have a (verified) SSH key added to their account and could use that to prove they are the owner of the account, by the possession of such SSH key.
okay so what's the point of enforcing any TOTP if it's basically defeated by possessing a verified SSH key?
> Something that has come up in these situations is that such people usually have a (verified) SSH key added to their account and could use that to prove they are the owner of the account, by the possession of such SSH key.
@Gusted @forgejo nice to see the potentially in Forgejo. I wasn't even aware that #gitlab can do this.
@Gusted @forgejo that feature may save my life