Stone Bear

@kornel @mattly Yes, 2FA is a good idea in general, and yes, YubiKeys are awesome. Being _asymmetrically_ pushy about it is RUDE, and worth voting with one's feet. (I would be interested in learning folks' opinions as to non-en-💩-tified code hosting instances...)

9 comments
Kornel

@stonebear @mattly To me account security in shared environments is like hygiene. When one person's security stinks, it affects others. To me the real rudeness is in doubling down on bad hygiene when told that your security stinks.

Supply chain security in OSS is already a hot mess, and doesn't need even more worrying about impersonation just because someone *wants* to have poorer security to show a computer who's the boss.

Matthew Lyon

@kornel @stonebear also if you actually read my post instead of inventing a straw man you’d see that I’m not actually ADVOCATING for removing 2FA; it’s the sentiment of “something you did in the past makes you a threat to a system you didn’t consent to be a part of”

“Supply Chain” security in OSS is going to continue to be a hot mess until it has the properties of a supply chain in the actual real world, primarily the exchange of money. softwaremaxims.com/blog/Not-A-

Kornel

@mattly @stonebear I'm just talking about 2FA. It's perfectly reasonable to require 2FA on all accounts. It's safer to err on the side of requiring unimportant accounts to have 2FA, than risking an important user to have an account compromised.

That is entirely orthogonal to the funding structure. The risk and responsibility exists due to code sharing and trust structures, regardless whether people are paid for it or not.

On Star Trek they'd require you to have 2FA too.

Matthew Lyon

@kornel @stonebear And my post is not about 2FA. The point is not that, and you continue to see past it.

Kornel

@mattly @stonebear I've just responded to a single toot that @janl boosted where you wanted to disable 2FA in a tantrum. It's just not a sensible reaction to a reasonable requirement.

There are much bigger problems, but your defiance isn't solving them, and would just create more if 2FA wasn't mandatory.

Kornel

@mattly @stonebear @janl As for your post:
1. You're taking "supply chain" too literally. It's not a good term. The loosely-collaborative software phenomenon that emerged merely got a professional-sounding label slapped on it, even though it doesn't have a good real-world analogy.

The fact that you don't fit a definition of a "supplier" doesn't mean you're not involved in this software-thing, only that the label given to it doesn't properly describe who the participants are.

Kornel

@mattly @stonebear @janl 2. And you've used the term "FOSS" for what is OSS, but that's not surprising, since it was designed to be confused.
ESR's OSS has intentionally hijacked FSF's collective ideas to shift them into a system that can easily commercially exploit unpaid labor. The fact that we have a mountain of OSS code for which nobody gets paid, and companies can resell for free is OSS working exactly as intended.

Jan Lehnardt :couchdb:

@kornel @mattly @stonebear for the love of god, please accept that you misread the post and stop.
