Re: [ee4j-pmc] Request for Enforcing Two-Factor Authentication for All C

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [ee4j-pmc] Request for Enforcing Two-Factor Authentication for All Committers

From: Scott Marlow <smarlow@xxxxxxxxxx>
Date: Wed, 8 Mar 2023 14:10:26 -0500
Delivered-to: ee4j-pmc@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/ee4j-pmc/>
List-help: <mailto:ee4j-pmc-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/ee4j-pmc>, <mailto:ee4j-pmc-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/ee4j-pmc>, <mailto:ee4j-pmc-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0

Did anyone else get "Unable to connect to the database server at this time(bugs_ro)." failure when attempting to open a help desk ticket?

I was going to file a ticket as I just got an email that I don't have 2FA enabled for my github account but I do have 2FA enabled:

"
You've been removed from the "Jakarta EE" team "ee4j-jakartaee-tck-committers"
"

Scott

On 3/2/23 12:13 PM, Mikael Barbero via ee4j-pmc wrote:

Dear EE4J/JakartaEE PMC Team,

I am reaching out to request that your project enforces two-factor authentication (2FA) for all committers at GitHub. We, at the Eclipse Foundation, take the security of your project's code and data very seriously. Enforcing 2FA can greatly improve the security of your project and protect it from potential security breaches.

As you may know, 2FA adds an extra layer of security to the login process by requiring users to provide two forms of authentication: something they know (such as a password) and something they have (such as a security key or smartphone). This significantly reduces the risk of unauthorized access to sensitive information, as it makes it much more difficult for hackers to gain access to user accounts. With the increasing number of security breaches and cyberattacks, it is crucial for open source projects to take extra precautions to secure their code and data. Enforcing 2FA for all committers would be a simple yet effective way to enhance the security of your project. See a blog post of mine for additional details: https://mikael.barbero.tech/blog/post/2022-11-22-2fa-for-developers/

We understand that implementing 2FA may require some effort, but we are here to help. If you want to start enforcing it, just open a ticket on the Eclipse Foundation help desk. I can already tell you just above 60% of committers have 2FA activated on both jakartaee and ee4j GitHub organizations.

Finally, I would like to remind you that GitHub will eventually enforce 2FA for all projects by the end of the year. Take the lead on that and start right now!

Thank you for your time and consideration. I look forward to your response.

Cheers,

Mikaël Barbero

Head of Security | Eclipse Foundation

🐦 @mikbarbero

📅 Book an appointment

Eclipse Foundation: The Platform for Open Innovation and Collaboration
_______________________________________________
ee4j-pmc mailing list
ee4j-pmc@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/ee4j-pmc

Follow-Ups:
- Re: [ee4j-pmc] Request for Enforcing Two-Factor Authentication for All Committers
  - From: Otavio Santana

References:
- [ee4j-pmc] Request for Enforcing Two-Factor Authentication for All Committers
  - From: Mikael Barbero

Prev by Date: Re: [ee4j-pmc] Request for Enforcing Two-Factor Authentication for All Committers
Next by Date: Re: [ee4j-pmc] Request for Enforcing Two-Factor Authentication for All Committers
Previous by thread: Re: [ee4j-pmc] Request for Enforcing Two-Factor Authentication for All Committers
Next by thread: Re: [ee4j-pmc] Request for Enforcing Two-Factor Authentication for All Committers
Index(es):
- Date
- Thread

Breadcrumbs