this post was submitted on 05 Jun 2024
50 points (79.1% liked)

Open Source

29001 readers
117 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 4 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
50
How is everyone handling the 2FA requirement for GitHub? (docs.github.com)
submitted 1 month ago* (last edited 1 month ago) by StorageB@lemmy.one to c/opensource@lemmy.ml
127 comments fedilink hide all child comments
 

Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don't love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don't want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)...

you are viewing a single comment's thread
view the rest of the comments
[–] toastal@lemmy.ml 10 points 1 month ago (1 children)

Ideally you don’t want to build your open source software on a proprietary forge service so hopefully nothing of value is on the Microsoft-owned platform so it doesn’t really matter how secure it is.

But you should have a free software TOTP option on you anyhow. I use password-store’s OTP plugin so it is easier to back up & sync.

[–] fuzzzerd@programming.dev 4 points 1 month ago (2 children)

Did you forget the ./s or something? Lemmy itself is developed on GitHub, as are plenty of other "valuable" open source projects. To pretend nothing of value is built there is putting your head in the sand.

If you're developing software on GitHub you have a chance at getting some useful feedback, bug reports and maybe even PRs. Like it or not, the network effect is real.

[–] refalo@programming.dev 5 points 1 month ago* (last edited 1 month ago)

SFC recommends to not use them, so that's what I will keep (not) doing.

[–] toastal@lemmy.ml 2 points 1 month ago* (last edited 1 month ago)

Not /s

It is long past the time to move on. We don’t like the ads, gamified/corporate-friendly social media aspects, & enshitification of the web (which is why we are an Lemmy not Reddit), so why would we want that same platform for our code?

Also Lemmy has every interest in moving as soon as ForgeFed is finalized & merged into a forge the can host since they want the same decentralized values for their forge as their forum/link aggregator platform and have publicly acknowledged it is a problem.

Your projects should follow that example, if not your current projects at least future ones. These megacorporation are not our friends.