|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
MIME-Version: 1.0 In-Reply-To: <e3394ec4-d819-4527-84c9-ec7779e4789e@app.fastmail.com> From: "Lizhou Sha" <slz@mit.edu> Date: Tue, 5 Dec 2023 17:57:24 -0600 Message-ID: <CA+fWxRL5G-PhPvQLSQMz0k_kTmMzn7ixAg0j8EPoeTP1AFFVwQ@mail.gmail.com> To: Geoffrey Thomas <geofft@ldpreload.com> CC: Lizhou Sha <slz@mit.edu>, <debathena@mit.edu> Content-Type: multipart/alternative; boundary="000000000000a5441b060bcbffdb" --000000000000a5441b060bcbffdb Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I thought this is the account that is used by Debathena git repo hooks to push from local copy to GitHub. I don't think GHA is appropriate in this case. We can however explore whether we can use GitHub action to perform the pre-commit hooks for validation. OAuth token is certainly a possibility, but doesn't it still require an account to issue those tokens in the first place? I like the idea of keeping the TOTP token on the build host or the Debathena git repo host (drug-store?). We can even keep it in a KeePass database, as KeePassXC comes with built-in TOTP capabilities. (Problem: are we comfortable installing KeePassXC on the repo host and allowing X-Forwarding??? Or is there a command line thing that can do TOTP?) Best, Lizhou On Tue, Dec 5, 2023 at 5:19=E2=80=AFPM Geoffrey Thomas <geofft@ldpreload.co= m> wrote: > GitHub has pretty good support these days for automation through GitHub > Actions and OAuth tokens and such, without needing an actual account. Wha= t > is this account doing / can we migrate it to GHA? > > -- > Geoffrey Thomas > geofft@ldpreload.com > > On Tue, Dec 5, 2023, at 5:39 PM, Lizhou Sha wrote: > > What do? > > ---------- Forwarded message --------- > From: *GitHub* <noreply@github.com> > Date: Tue, Dec 5, 2023 at 2:21=E2=80=AFPM > Subject: [ACTION REQUIRED] Your GitHub account, athena-github-sync, will > soon require 2FA > To: Athena Github Synchronization Robot <athena-github-sync@mit.edu> > > > Hey athena-github-sync! > > > We're reaching out to let you know that, as announced last year, we have > officially begun requiring users who contribute code on GitHub.com to hav= e > two-factor authentication (2FA) enabled. > > Your account meets this criteria, and you will need to enroll in 2FA > within 45 days, by January 19th, 2024 at 00:00 (UTC). After this date, yo= ur > access to GitHub.com will be limited until you enroll in 2FA. Enrolling i= s > easy, and we support several options, starting with TOTP apps and text > messages (SMS) and then adding on passkeys and the GitHub Mobile app. > > Click here to enroll in 2FA > <https://github.com/settings/two_factor_authentication/setup/intro>. > > Making the software supply chain more secure is a team effort, and we > can't do it without you. Your enrollment in 2FA is an impactful step in > keeping the world's software secure. If you want to learn more about this > change, please take a look at our documentation about the program > <https://docs.github.com/authentication/securing-your-account-with-two-fa= ctor-authentication-2fa> > . > > To see this and other security events for your account, visit your > account security audit log. <https://github.com/settings/security-log> > > If you run into problems, please contact support by visiting the GitHub > support page. <https://github.com/contact> > > Thanks, > The GitHub Team > > > > > -- > Lizhou Sha > Class of 2018 > > > --=20 Lizhou Sha Class of 2018 --000000000000a5441b060bcbffdb Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">I thought this is the account that is used by Debathena gi= t repo hooks to push from local copy to GitHub. I don't think GHA is ap= propriate in this case.<div><br></div><div>We can however explore whether w= e can use GitHub action to perform the pre-commit hooks for validation.<br>= <div><br></div><div>OAuth token is certainly a possibility, but doesn't= it still require an account to issue those tokens in the first place?<div>= </div></div><div><br></div><div>I like the idea of keeping the TOTP token o= n the build host or the Debathena git repo host (drug-store?). We can even = keep it in a KeePass database, as KeePassXC comes with built-in TOTP capabi= lities. (Problem: are we comfortable installing KeePassXC on the repo host = and allowing X-Forwarding??? Or is there a command line thing that can do T= OTP?)</div><div><br></div><div>Best,</div><div>Lizhou</div></div></div><br>= <div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Tue, De= c 5, 2023 at 5:19=E2=80=AFPM Geoffrey Thomas <<a href=3D"mailto:geofft@l= dpreload.com">geofft@ldpreload.com</a>> wrote:<br></div><blockquote clas= s=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid r= gb(204,204,204);padding-left:1ex"><div class=3D"msg2288010974555349326"><u>= </u><div><div>GitHub has pretty good support these days for automation thro= ugh GitHub Actions and OAuth tokens and such, without needing an actual acc= ount. What is this account doing / can we migrate it to GHA?<br></div><div>= <br></div><div id=3D"m_2288010974555349326sig99062392"><div>--=C2=A0<br></d= iv><div>Geoffrey Thomas<br></div><div><a href=3D"mailto:geofft@ldpreload.co= m" target=3D"_blank">geofft@ldpreload.com</a><br></div></div><div><br></div= ><div>On Tue, Dec 5, 2023, at 5:39 PM, Lizhou Sha wrote:<br></div><blockquo= te type=3D"cite" id=3D"m_2288010974555349326qt"><div dir=3D"ltr"><div>What = do?<br></div><div><br></div><div><div dir=3D"ltr"><div>---------- Forwarded= message ---------<br></div><div>From: <b dir=3D"auto">GitHub</b> <span dir= =3D"auto"><<a href=3D"mailto:noreply@github.com" target=3D"_blank">norep= ly@github.com</a>></span><br></div><div>Date: Tue, Dec 5, 2023 at 2:21= =E2=80=AFPM<br></div><div>Subject: [ACTION REQUIRED] Your GitHub account, a= thena-github-sync, will soon require 2FA<br></div><div>To: Athena Github Sy= nchronization Robot <<a href=3D"mailto:athena-github-sync@mit.edu" targe= t=3D"_blank">athena-github-sync@mit.edu</a>><br></div></div><div><br></d= iv><div><br></div><p>Hey athena-github-sync!<br></p><p><br></p><p>We're= reaching out to let you know that, as announced last year, we have officia= lly begun requiring users who contribute code on GitHub.com to have two-factor authentication (2FA) ena= bled.<br></p><p>Your account meets this criteria, and you will need to enro= ll in 2FA within 45 days, by January 19th, 2024 at 00:00 (UTC). After this date, your access to GitHub.com will be limited until you enroll in 2FA. = Enrolling is easy, and we support several options, starting with TOTP apps and text messages (SMS) and then adding = on passkeys and the GitHub Mobile app.<br></p><p><a href=3D"https://github.com/settings/two_factor_authenti= cation/setup/intro" target=3D"_blank">Click here to enroll in 2FA</a>.<br><= /p><p>Making the software supply chain more secure is a team effort, and we= can't do it without you. Your enrollment in 2FA is an impactful step in keeping the world's software secure. If y= ou want to learn more about this change, please take a look at our <a href=3D"https://docs.github.com/authenticati= on/securing-your-account-with-two-factor-authentication-2fa" target=3D"_bla= nk">documentation about the program</a>.<br></p><p>To see this and other se= curity events for your account, visit <a href=3D"https://github.com/setting= s/security-log" target=3D"_blank">your account security audit log.</a><br><= /p><p>If you run into problems, please contact support by visiting <a href= =3D"https://github.com/contact" target=3D"_blank">the GitHub support page.<= /a><br></p><p></p><div>Thanks,<br></div><div> The GitHub Team<br></div><p><= /p><p><br></p></div><div><br></div><div><br></div><div><span>--</span><br><= /div><div dir=3D"ltr"><div dir=3D"ltr"><div>Lizhou Sha<br></div><div>Class = of 2018<br></div></div></div></div></blockquote><div><br></div></div></div>= </blockquote></div><br clear=3D"all"><div><br></div><span class=3D"gmail_si= gnature_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signature"><d= iv dir=3D"ltr">Lizhou Sha<br>Class of 2018</div></div> --000000000000a5441b060bcbffdb--
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |