August 11, 2016
On Thursday, 11 August 2016 at 13:35:08 UTC, qznc wrote:
> The code is pretty safe thanks to git. The comments get lost.

Irony. Is git still a DVCS? If you lose the central repo, you just lose.
August 11, 2016
On Thursday, 11 August 2016 at 07:54:48 UTC, Jonathan M Davis wrote:
> I would expect the lockout issue to come from issues with your phone. I almost got locked out by my domain registrar previously, because I changed phone providers, and stupidly, that meant that I couldn't get the SMS messages anymore - even though my phone number hadn't changed.

Google and Steam do this well by marking specific machines as "private." This removes the need for two factor auth for that machine, but ultimately you want 2FA required for those who don't have physical access anyway.

Github has been a little annoying since I can't do that, and Fido U2F is only supported by Chrome and I prefer firefox.
August 11, 2016
On Thursday, 11 August 2016 at 11:48:32 UTC, ketmar wrote:
> yet in exchange for very weak protection, one has to give his phone number to the 3rd party, and that 3rd party is known for security faults and overall low level of tech and security. if i'll be asked to give my phone number to such organisation (to *any* organisation, but well, this case is even worse), i will deny the request immediately.

Don't use your phone, I don't. Use the App and/or hardware, no need to give out personal information.

I forgot Google supports U2F also and I have it enabled, but since I don't use Chrome generally I don't get that option.
August 11, 2016
On Thursday, 11 August 2016 at 13:35:08 UTC, qznc wrote:
> The code is pretty safe thanks to git. The comments get lost.

Someone can rewrite the entire history (i.e. patch the committers' emails). This would be a major problem.

August 11, 2016
On Thursday, 11 August 2016 at 18:34:30 UTC, Jesse Phillips wrote:
> Don't use your phone, I don't. Use the App and/or hardware, no need to give out personal information.

i'm not using smartphones at all, so no "apps". besides, without sending an auth request by some other channel than the internet, i can't see any value in 2fa at all: how is that different from simply using my ssh key and an encrypted internet channel?

tbh, i have never seen any sense in all that "password" stuff at all. we have asymmetric cryptography, so why are we still using passwords and "email password resets"?
August 11, 2016
On Thursday, 11 August 2016 at 18:36:11 UTC, sldkf wrote:
> On Thursday, 11 August 2016 at 13:35:08 UTC, qznc wrote:
>> The code is pretty safe thanks to git. The comments get lost.
>
> Someone can rewrite the entire history (i.e. patch the committers' emails). This would be a major problem.

so what? next "git pull" from any developer (not only core devs, many other people have repo clones too) will fail, and that will raise an alarm --> security breach detected.

besides, git allows you to cryptographically sign each commit. introduce that, and good luck rewriting history, lol.
August 11, 2016
On Thu, Aug 11, 2016 at 06:36:11PM +0000, sldkf via Digitalmars-d wrote:
> On Thursday, 11 August 2016 at 13:35:08 UTC, qznc wrote:
> > The code is pretty safe thanks to git. The comments get lost.
> 
> Someone can rewrite the entire history (i.e. patch the committers' emails).
> This would be a major problem.

This is not a problem. Rewritten history will have different commit hashes, and once a trusted copy of the repo is uploaded, e.g., from Walter's local copy, it will become very obvious which commits have been tampered with. In fact, just replace the repo with Walter's (or some other trusted person's) version, and the tampered commits can be simply discarded.


T

-- 
MASM = Mana Ada Sistem, Man!
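The two posts above (the "next git pull will fail" point and the "rewritten history will have different commit hashes" point) both rest on how git names commits. The following is an added example, not code from this thread or from the dlang project: it computes commit ids the way git does (SHA-1 over the object header and body), builds a small constructed linear history, rewrites one committer email, and shows that every descendant id changes, that a trusted list of ids pinpoints where the rewrite starts, and that the rewritten history is no longer a fast-forward of the old head. The tree ids, author names and timestamp are constructed placeholders; the only real values are git's well-known ids for the empty tree and empty blob, used as a self-check of the hashing.

```python
import hashlib
from typing import List, Optional, Tuple

Commit = Tuple[str, str, str, str]  # (tree id, author, committer, message)

# Constructed sample history (not the dlang repository): tree ids are
# made-up 40-hex placeholders and the people are fictional.
SAMPLE_HISTORY: List[Commit] = [
    ("a" * 40, "Alice <alice@example.invalid>", "Alice <alice@example.invalid>", "Initial import"),
    ("b" * 40, "Bob <bob@example.invalid>", "Bob <bob@example.invalid>", "Fix parser bug"),
    ("c" * 40, "Alice <alice@example.invalid>", "Alice <alice@example.invalid>", "Add tests"),
]

# Real git object ids for the empty tree and the empty blob, used as a self-check.
EMPTY_TREE_ID = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"
EMPTY_BLOB_ID = "e69de29bb2d1d6434b8b29ae775ad8c2e48c5391"


def git_object_id(kind: str, body: bytes) -> str:
    """Object id exactly as git computes it: SHA-1 over "<kind> <len>\\0<body>"."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()


def commit_id(tree: str, parent: Optional[str], author: str, committer: str,
              message: str, timestamp: str = "1470920000 +0000") -> str:
    """Serialize a commit object the way git does and return its id.

    The parent id is part of the hashed body, which is what chains history:
    changing any ancestor changes every descendant's id.
    """
    lines = [f"tree {tree}"]
    if parent is not None:
        lines.append(f"parent {parent}")
    lines.append(f"author {author} {timestamp}")
    lines.append(f"committer {committer} {timestamp}")
    body = ("\n".join(lines) + "\n\n" + message + "\n").encode()
    return git_object_id("commit", body)


def build_history(commits: List[Commit]) -> List[str]:
    """Commit ids of a linear history, oldest first."""
    ids: List[str] = []
    parent: Optional[str] = None
    for tree, author, committer, message in commits:
        parent = commit_id(tree, parent, author, committer, message)
        ids.append(parent)
    return ids


def rewrite_committer(commits: List[Commit], index: int, new_committer: str) -> List[Commit]:
    """Model of a history rewrite: replace the committer field of one commit."""
    rewritten = list(commits)
    tree, author, _, message = rewritten[index]
    rewritten[index] = (tree, author, new_committer, message)
    return rewritten


def first_divergence(trusted: List[str], published: List[str]) -> Optional[int]:
    """Index of the first commit where the published history departs from a trusted
    list of ids (e.g. from a developer's clone); None if it matches."""
    for i, (t, p) in enumerate(zip(trusted, published)):
        if t != p:
            return i
    if len(published) < len(trusted):
        return len(published)
    return None


def is_fast_forward(local_head: str, remote_history: List[str]) -> bool:
    """A plain "git pull" only fast-forwards when the local head is an ancestor of
    the remote head; after a rewrite it is not, so the pull fails."""
    return local_head in remote_history


if __name__ == "__main__":
    assert git_object_id("tree", b"") == EMPTY_TREE_ID
    trusted = build_history(SAMPLE_HISTORY)
    tampered = build_history(rewrite_committer(SAMPLE_HISTORY, 1, "Mallory <mallory@example.invalid>"))
    for t, p in zip(trusted, tampered):
        print(t[:12], p[:12], "OK" if t == p else "DIFFERS")
    print("rewrite starts at commit index:", first_divergence(trusted, tampered))
    print("old head still fast-forwards:", is_fast_forward(trusted[-1], tampered))
```

Only the commit before the rewrite keeps its id; the rewritten commit and everything after it get new ids because each body embeds its parent's id, so any clone that holds the old head sees a non-fast-forward on the next pull. Commit signatures (which the thread also brings up) add a second, independent check: the signature is over this same object body, so a rewritten committer line invalidates it.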
August 11, 2016
On Thursday, 11 August 2016 at 18:50:41 UTC, H. S. Teoh wrote:
> On Thu, Aug 11, 2016 at 06:36:11PM +0000, sldkf via Digitalmars-d wrote:
>> On Thursday, 11 August 2016 at 13:35:08 UTC, qznc wrote:
>> > The code is pretty safe thanks to git. The comments get lost.
>> 
>> Someone can rewrite the entire history (i.e. patch the committers' emails).
>> This would be a major problem.
>
> This is not a problem. Rewritten history will have different commit hashes, and once a trusted copy of the repo is uploaded, e.g., from Walter's local copy, it will become very obvious which commits have been tampered with. In fact, just replace the repo with Walter's (or some other trusted person's) version, and the tampered commits can be simply discarded.
>
>
> T

Not wrong, one aspect of git is that there's no "central" repository.
August 11, 2016
On 8/11/2016 7:34 AM, H. S. Teoh via Digitalmars-d wrote:
> so no actual code would be lost.

Github dlang is our critical infrastructure, we should treat it accordingly. I agree we wouldn't lose the code history, but would lose just about everything else. It would take us days, maybe weeks, to get things set up again.

Why risk it?
August 12, 2016
On Thursday, 11 August 2016 at 18:44:11 UTC, ketmar wrote:

> i'm not using smartphones at all, so no "apps". besides, without sending an auth request by some other channel than the internet, i can't see any value in 2fa at all: how is that different from simply using my ssh key and an encrypted internet channel?

Simple: your GitHub account manages the SSH keys used to contribute code; it is also what creates pull requests for the contributions to other repos.

GitHub and some others support Fido U2F and that doesn't use an internet channel for auth. Check out Yubico's Yubikey for some good hardware.