A.

On Thu, Jan 13, 2022, 21:02 Martin Owens <doctormo@gmail.com> wrote:
I vote a.

We've talked about this project for a while. Having this budget in
place will make it easier for Marc to organise this effort so I have no
problems will the full amount.

Thanks Marc!

Best Regards, Martin Owens

On Thu, 2022-01-13 at 21:41 +0100, Marc Jeanmougin wrote:
> Dear leadership committee,
>
> Your attention is required to vote on the following matters:
>
> Background:
>
> Some contributors have, or need to have, access to social media
> accounts
> to post on the behalf of the project, or to infrastructure accounts,
> most importantly gitlab. For computer security, we would like to
> protect
> those accesses with a safe 2FA method, and the safest method to
> avoid
> impersonation and phishing attacks is a 2FA hardware token with FIDO2
> or
> U2F. Then we would be able to set a policy to enforce 2fa when
> contributors need access to passwords that would be shared on
> nextcloud,
> or to contributors with "owner" access to gitlab projects.
>
> The most common such token is the Yubikey (45€/$ a piece+10
> tax+5shipping) but there are equivalents with open hardware
> component
> and open source software (e.g. solokeys at 35€/$ incl. tax +5€
> shipping,
> or nitrokey ). As for the amount of people, the vectors team has
> around
> 10-15 people with some level of access to passwords of the project,
> 4
> people do not have 2FA and have "owner" access to the whole gitlab
> project, + 2 "maintainer" access to inkscape/inkscape (and more in
> other
> sub-projects). We also have the possibility to offer it to all
> regular
> contributors for whom it would be useful.
>
> It is yet to be seen whether we could have a discount by asking, or
> if
> there is a way to pay for the whole order and get a single
> reimbursement
> instead of reimbursing individual contributors
>
> Ballot:
>
> a. Reimburse up to 2000 USD for password and project protection, and
> also offering it to contributors who have been in the project for
> more
> than a year and ask for it (implies support for option b)
> b. Reimburse up to 1000 USD to protect the project's passwords on
> nextcloud and gitlab project access (only contributors who have
> access
> to nextcloud, and gitlab maintainer or owner access)
> c. Do not do it
> d. Other (please specify)
>
> Thanks!
>
> --
> Marc
>
> _______________________________________________
> Inkscape Board of Directors mailing list --
> inkscape-board@lists.inkscape.org
> To unsubscribe send an email to
> inkscape-board-leave@lists.inkscape.org
_______________________________________________
Inkscape Board of Directors mailing list -- inkscape-board@lists.inkscape.org
To unsubscribe send an email to inkscape-board-leave@lists.inkscape.org