#251 Fedora Project & Nitrokey
Closed: deferred 2 years ago by mattdm. Opened 5 years ago by ignatenkobrain.

Hello,

Recently I found out that Nitrokey partnered with the Gentoo Foundation to provide each Gentoo developer with a USB stick which can securely store SSH and GPG keys and generate OTP.

I also recently saw mail in devel@ that we can soon have 2-factor authentication in infrastructure.

It might be a good opportunity to try partnering with Nitrokey to make it possible for packagers/sysadmins/relengs to get such a device for free. I think this might get more people aboard and expose Fedora more. Obviously there need to be some rules around that (maintain more than X packages, maybe?), but I don't have any concrete proposal.

I don't know any details of how that could be done, I just thought that it is a good idea and decided to bring it to the Council.

Thanks for your attention!


IMHO a nice idea. I am happy to establish contact with them (they are from Germany as well). Talked to them a few years ago already at Chaos Communication Congress but they might not remember.

As for the criteria, IMHO it should not be focussed only on packagers but on anyone with access to some core git repo or web service that can benefit from this. The device the Gentoo people got also supports SSH authentication AFAIU, so it is not only interesting for 2FA.

Let's define the criteria first and approach the vendor second.

I noticed we are changing the methods of accessing src.fp.o. Perhaps @ignatenkobrain could take point on talking with infra to identify where contributors could actually use these objects in our infrastructure based on policies.

Thank you for the hint, I missed that Fedora Infra is planning to deprecate SSH authentication completely. For the new authentication, only the Nitrokey FIDO U2F seems to make sense - it does not support SSH/GPG anymore, though. Therefore it is a lot less expensive (22 EUR).

In today's meeting, we decided:

  • ACTION: @till to develop a proposal that includes: 1. who will get the key and 2. how we will enforce it (including what infra work, if any, would be required)
  • AGREED: We should wait on the new logo before getting new hardware

Metadata Update from @bcotton:
- Issue assigned to till
- Issue marked as depending on: #249
- Issue priority set to: Waiting on Assignee (was: Needs Review)

4 years ago

@puiterwijk is the contact for infra timing and requirements

I created an issue to get some clarifications from Infra: https://github.com/fedora-infra/noggin/issues/288

@bcotton what should happen with this ticket since I moved on from the Council?

FYI: Also asked about authentication plans with GitLab: https://gitlab.com/gitlab-org/gitlab/-/issues/217350

If you want to remain assigned to it for now, I think that's reasonable. If not we'll find someone else to volunteer.

Metadata Update from @mattdm:
- Issue unmarked as depending on: #249

2 years ago

I'm going to close this ticket as deferred. If someone would like to champion it, please reopen.

Metadata Update from @mattdm:
- Issue close_status updated to: deferred
- Issue status updated to: Closed (was: Open)

2 years ago
