A.
----- Original Message ----- | From: "Marc Jeanmougin" marc@jeanmougin.fr | To: inkscape-board@lists.inkscape.org | Sent: Thursday, January 13, 2022 9:41:43 PM | Subject: [Inkscape-board] VOTE: hardware 2FA for project sensitive access | | Dear leadership committee, | | Your attention is required to vote on the following matters: | | Background: | | Some contributors have, or need to have, access to social media | accounts | to post on the behalf of the project, or to infrastructure accounts, | most importantly gitlab. For computer security, we would like to | protect | those accesses with a safe 2FA method, and the safest method to avoid | impersonation and phishing attacks is a 2FA hardware token with FIDO2 | or | U2F. Then we would be able to set a policy to enforce 2fa when | contributors need access to passwords that would be shared on | nextcloud, | or to contributors with "owner" access to gitlab projects. | | The most common such token is the Yubikey (45€/$ a piece+10 | tax+5shipping) but there are equivalents with open hardware component | and open source software (e.g. solokeys at 35€/$ incl. tax +5€ | shipping, | or nitrokey ). As for the amount of people, the vectors team has | around | 10-15 people with some level of access to passwords of the project, 4 | people do not have 2FA and have "owner" access to the whole gitlab | project, + 2 "maintainer" access to inkscape/inkscape (and more in | other | sub-projects). We also have the possibility to offer it to all | regular | contributors for whom it would be useful. | | It is yet to be seen whether we could have a discount by asking, or | if | there is a way to pay for the whole order and get a single | reimbursement | instead of reimbursing individual contributors | | Ballot: | | a. Reimburse up to 2000 USD for password and project protection, and | also offering it to contributors who have been in the project for | more | than a year and ask for it (implies support for option b) | b. Reimburse up to 1000 USD to protect the project's passwords on | nextcloud and gitlab project access (only contributors who have | access | to nextcloud, and gitlab maintainer or owner access) | c. Do not do it | d. Other (please specify) | | Thanks! | | -- | Marc | | _______________________________________________ | Inkscape Board of Directors mailing list -- | inkscape-board@lists.inkscape.org | To unsubscribe send an email to | inkscape-board-leave@lists.inkscape.org |