@stonebear @mattly To me account security in shared environments is like hygiene. When one person's security stinks, it affects others. To me the real rudeness is in doubling down on bad hygiene when told that your security stinks.
Supply chain security in OSS is already a hot mess, and doesn't need even more worrying about impersonation just because someone *wants* to have poorer security to show a computer who's the boss.
@kornel @stonebear also if you actually read my post instead of inventing a straw man you’d see that I’m not actually ADVOCATING for removing 2FA; it’s the sentiment of “something you did in the past makes you a threat to a system you didn’t consent to be a part of”
“Supply Chain” security in OSS is going to continue to be a hot mess until it has the properties of a supply chain in the actual real world, primarily the exchange of money. https://softwaremaxims.com/blog/Not-A-Supplier