[opendut-dev] FW: Important: Implementation of Mandatory 2FA Across all

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[opendut-dev] FW: Important: Implementation of Mandatory 2FA Across all Eclipse Foundation GitHub Organizations

From: <johannes.baumgartl@xxxxxxxxxxxxxxxxx>
Date: Wed, 28 Feb 2024 14:26:44 +0000
Accept-language: de-DE, en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mercedes-benz.com; dmarc=pass action=none header.from=mercedes-benz.com; dkim=pass header.d=mercedes-benz.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8cZnX67U8e0TEyVWbASn89cR556288hYqTXgLF2f0fU=; b=L6RLohjC/tUUsw6XOzMle/iLWPffQStwo2/ZurOb7F9szENFRa8saFv5HAiveAPNJh0q5bKGus/lbKcQ2CkIIVNKoZH2fD96Kaoxux+o4hnAbpLCS4umjFCw9YFMndj5rv5/xpCvMGWBQu67PWq35p2D5HBUvL7kMMV3DqvZT33RxbtmSevBNZgz8yGGqr4cHv1DDRKGmQYF6t219679/gdBbs0HGM/qatG/F4XQGKzN/LFB+u/YAD2+coceJnZYNyb/FKrphwgflr3fVkAAPm0C9ZxmbWRRPpaWMChYf7FmDg8iFVCw5aIGEYwihF6xbdeCGnPDjNzvoD2BdIBVqQ==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DAXe2XEaZhGts/XDoUg+eCyDtSFTJYW6uAwoI52PQlXebZ/vv9BkcN/UnNJWUXKWpkxXgiNsoVlAXbCIfNoB8GcE/B3r6iHIW3KAcjnuItuIlyecWQ4XGUZLBGX7r/wDes7q4UHaXEMWsNX6cECJKRHkbP5TFg3zUSIvsqDipFH/wPLx3SdIy+WAtYOEwSRa7ZW1eN5/89jiBdGJ5tXT5ZyBgW67BdsbhcYfy1Nb2QPc8CwXqcsOAFXHtTAg6WaLMQChdNbIJr0FPV8lx1hm4mF0bIw4Glh1b7w1ZVjkD9EG7rma4pnu+y39l2w+UIwN9LOzUqImuTzFIye83qtnWw==
Delivered-to: opendut-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/opendut-dev/>
List-help: <mailto:opendut-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/opendut-dev>, <mailto:opendut-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/opendut-dev>, <mailto:opendut-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHaalC5yLoHlKxUGUi64CV9rVDXUrEfzffg
Thread-topic: Important: Implementation of Mandatory 2FA Across all Eclipse Foundation GitHub Organizations

Dear fellow Developers,

please enable the two factor auth or give the project leads and the EMO feedback, that you don’t want to be listed as developer for opendut anymore.

Best Regards,

Joe

From: mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx <mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, February 28, 2024 3:16 PM
To: security@xxxxxxxxxxxxxxxxxxxxxx
Cc: Baumgartl, Johannes (415) <johannes.baumgartl@xxxxxxxxxxxxxxxxx>; Oliver Hartkopp <oliver.hartkopp@xxxxxxxxxxxxx>; Stefan Marksteiner <stefan.marksteiner@xxxxxxx>; Thomas Irmscher <thomas.irmscher@xxxxxxxx>
Subject: Important: Implementation of Mandatory 2FA Across all Eclipse Foundation GitHub Organizations

[**EXTERNAL E-MAIL**]

Dear Eclipse openDuT Project Lead,

As part of our ongoing commitment to enhancing the security of your projects and repositories, we are excited to announce a significant advancement in our cybersecurity measures.

Following our previous communications, first on January 14th, second on February 2nd shared through the eclipse.org-committers mailing list, and detailed in the associated support ticket, we will be implementing a requirement for two-factor authentication (2FA) across the entire GitHub organization for your project on April 30th. This initiative is critical for safeguarding your projects.

It has come to our attention that 6 members of your project don't have 2FA enabled. We've just sent them an email to strongly encourage them to activate 2FA on their GitHub account before April 30th to avoid any disruptions in access. They also received instructions similar to the ones below about why and how they should enable 2FA. We strongly encourage you to follow up with them to ensure they have received the email and have taken the necessary steps to enable 2FA.

Why is 2FA important?
2FA adds an extra layer of security to ensure that individuals attempting to access an online account are who they claim to be. After entering their username and password, a user must provide another form of verification. This could be a code received via text message, an app on your smartphone, or a hardware security key. Enabling 2FA is nowadays a standard security practice across many platforms.

What happens if those members don't enable 2FA?
Failing to enable 2FA on their GitHub account by April 30th will result in temporary loss of access to the Eclipse openDuT repositories. Consequently, they will be unable to push new code or merge pull requests. While they can still fork the repositories and work on their fork, direct contributions to the project repositories will be restricted until 2FA is enabled.

How to enable 2FA on their GitHub account?
GitHub provides detailed instructions for enabling 2FA. Should you need assistance, feel free to reach out to their support team. For any further questions or assistance in setting up 2FA, do not hesitate to open a ticket on our HelpDesk or comment on the ticket tracking this initiative.

Thank you for your cooperation and dedication to security.

Cheers!

The Eclipse Foundation Security Team

🐦 @eclipsefdn

Eclipse Foundation: The Platform for Open Innovation and Collaboration

If you are not the addressee, please inform us immediately that you have received this e-mail by mistake, and delete it. We thank you for your support.

Prev by Date: [opendut-dev] Follow-up: Front-end, test execution discussion
Next by Date: [opendut-dev] Committer Election for Veronika Tadros on Eclipse openDuT has started
Previous by thread: [opendut-dev] THEO - a test environment for OpenDuT
Next by thread: [opendut-dev] Committer Election for Veronika Tadros on Eclipse openDuT has started
Index(es):
- Date
- Thread

Breadcrumbs