Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Opt-in for MFA requirement explicitly #1580

Merged
merged 2 commits into from
Aug 22, 2024
Merged

Opt-in for MFA requirement explicitly #1580

merged 2 commits into from
Aug 22, 2024

Conversation

tagliala
Copy link
Contributor

@tagliala tagliala commented Aug 13, 2024
edited
Loading

As a popular gem, faraday implicitly requires that all privileged operations by any of the owners require OTP.

However, by explicitly setting rubygems_mfa_required metadata, the gem will show "NEW VERSIONS REQUIRE MFA" and
"VERSION PUBLISHED WITH MFA" in the sidebar at
https://rubygems.org/gems/faraday

Ref:

image

@tagliala
Opt-in for MFA requirement explicitly
74bd390 
As a popular gem, `faraday` implicitly requires that all privileged
operations by any of the owners require OTP.

However, by explicitly setting `rubygems_mfa_required` metadata, the
gem will show "NEW VERSIONS REQUIRE MFA" and
"VERSION PUBLISHED WITH MFA" in the sidebar at
https://rubygems.org/gems/faraday

Ref:
- https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html
- https://guides.rubygems.org/mfa-requirement-opt-in/
iMacTia
iMacTia approved these changes Aug 22, 2024
View reviewed changes
Copy link
Member

@iMacTia iMacTia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @tagliala, I wasn't aware of this option.
It sounds like we're already MFA-compliant (I vaguely remember having to deal with this at some point), so this change shouldn't affect our release process 👍

@iMacTia iMacTia merged commit 9cdc025 into lostisland:main Aug 22, 2024
7 checks passed
@tagliala tagliala deleted the chore/explicitly-enable-mfa branch August 22, 2024 17:00
@tagliala
Copy link
Contributor Author

Welcome

It sounds like we're already MFA-compliant

Yes, it should already be this way because of the number of downloads. This is just for presentation (and metadata check for automated tools) purposes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iMacTia iMacTia iMacTia approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tagliala @iMacTia