18:32:25 #startmeeting
18:32:25 Meeting started Wed Aug 19 18:32:25 2020 UTC. The chair is sumpfralle2. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:32:25 Useful Commands: #action #agreed #help #info #idea #link #topic.
18:32:40 It is Wednesday evening again - time for our weekly IRC meeting ...
18:33:04 The last weeks showed some signs of people hanging around in the sun - let us see, whether that changed today :)
18:48:01 hi
18:49:07 as I said elsewhere, i'd like to enable mandatory 2FA on our orga members account on github
18:55:47 +1
18:56:02 It won't bar anyone from participating in munin, just not be part of the org team
18:56:29 well, as far as our github is concerned ;)
18:57:14 I privately notified the ones concerned, and we are in process of resolving the matter. I'll hit the "enable" button somewhere tonight.
18:57:51 not much else
19:03:10 TheSnide: is this relevant for me?
19:04:45 The github doc says, its 2FA is transmitted via SMS or a mobile app. I do not use a mobile phone, thus it would be challenging for me.
19:04:48 if you got a private email it is ;)
19:05:16 github can use yubico keys too
19:05:30 i think it can use USB keys
19:05:33 yes, thanks for the reminder, I received the mail
19:05:39 no email?
19:05:44 (email for 2FA)
19:05:55 https://docs.github.com/en/github/authenticating-to-github/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key
19:09:53 hm - the "security key" section sounds like it only works with a hardware token.
19:11:03 yeah, how else would you have a second factor?
19:11:15 by email?
19:11:16 seems that https://gitlab.gnome.org/World/Authenticator fits the "softtoken"
19:12:41 TheSnide: thanks, I will take a look at it.
19:13:38 how are you not doing any 2FA
19:13:50 I enable 2FA on every possible thing
19:13:55 I guess, my approach would be in line with h01ger's email response (re-joining the org group after I have some kind of 2FA source suitable for github)
19:15:03 kenyon: I survive perfectly fine without any incidents or accidents :)
19:15:08 35 accounts in my authenticator app
19:16:35 you could probably get an old iPhone or Android phone for ~free and use it for auth
19:16:48 no phone service needed
19:30:41 This could be an emergency approach. But I am a bit strict with my (non-)usage of non-free software. I guess, "just take an old phone" gets a bit complicated combined with this trait of character.
19:31:13 Anyway: there will be a soft-token approach or I look for a proper hardware token generator.
19:42:14 it's probably 99% Free Software
19:45:13 sounds like "almost trustworthy" :)
19:45:24 anyway - this is a different discussion ...
19:52:05 can you trust GitHub then?
19:52:11 you use that
19:53:01 it's mostly free software too, but how can you know
19:56:26 I would strongly prefer, not to use github, of course.
19:56:51 But I do not see this as a good argument of reducing my requirements for personal devices.
19:57:00 Anyway - a different discussion :)
20:00:28 it's not really a different discussion, because your strict adherence to ideology is preventing you from using github in the most secure way available
20:01:08 so if your account is compromised, this is a problem for the project
20:03:27 looks like that software authenticator should work though
20:03:35 hopefully
20:04:51 "this is a problem for the project" <-- that's my rationale to enforce 2FA on org members
20:05:18 anyway, nothing to add, and I have to leave.
20:05:44 Good night!
20:05:47 #endmeeting