18:32:40 <sumpfralle2> It is Wednesday evening again - time for our weekly IRC meeting ...
18:33:04 <sumpfralle2> The last weeks showed some signs of people hanging around in the sun - let us see, whether that changed today :)
18:48:01 <TheSnide> hi
18:49:07 <TheSnide> as I said elsewhere, i'd like to enable mandatory 2FA on our orga members account on github
18:55:47 <kenyon> +1
18:56:02 <TheSnide> It won't bar anyone from participating in munin, just not be part of the org team
18:56:29 <TheSnide> well, as far as our github is concerned ;)
18:57:14 <TheSnide> I privately notified the ones concerned, and we are in the process of resolving the matter. I'll hit the "enable" button somewhere tonight.
18:57:51 <TheSnide> not much else
19:03:10 <sumpfralle2> TheSnide: is this relevant for me?
19:04:45 <sumpfralle2> The github doc says, its 2FA is transmitted via SMS or a mobile app. I do not use a mobile phone, thus it would be challenging for me.
19:04:48 <TheSnide> if you got a private email it is ;)
19:05:16 <kenyon> github can use yubico keys too
19:05:30 <TheSnide> i think it can use USB keys
19:05:33 <sumpfralle2> yes, thanks for the reminder, I received the mail
19:05:39 <sumpfralle2> no email?
19:05:44 <sumpfralle2> (email for 2FA)
19:05:55 <TheSnide> https://docs.github.com/en/github/authenticating-to-github/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key
19:09:53 <sumpfralle2> hm - the "security key" section sounds like it only works with a hardware token.
19:11:03 <kenyon> yeah, how else would you have a second factor?
19:11:15 <sumpfralle2> by email?
19:11:16 <TheSnide> seems that https://gitlab.gnome.org/World/Authenticator fits the "softtoken"
19:12:41 <sumpfralle2> TheSnide: thanks, I will take a look at it.
19:13:38 <kenyon> how are you not doing any 2FA
19:13:50 <kenyon> I enable 2FA on every possible thing
19:13:55 <sumpfralle2> I guess, my approach would be in line with h01ger's email response (re-joining the org group after I have some kind of 2FA source suitable for github)
19:15:03 <sumpfralle2> kenyon: I survive perfectly fine without any incidents or accidents :)
19:15:08 <kenyon> 35 accounts in my authenticator app
19:16:35 <kenyon> you could probably get an old iPhone or Android phone for ~free and use it for auth
19:16:48 <kenyon> no phone service needed
19:30:41 <sumpfralle2> This could be an emergency approach. But I am a bit strict with my (non-)usage of non-free software. I guess, "just take an old phone" gets a bit complicated combined with this trait of character.
19:31:13 <sumpfralle2> Anyway: there will be a soft-token approach or I look for a proper hardware token generator.
19:42:14 <kenyon> it's probably 99% Free Software
19:45:13 <sumpfralle2> sounds like "almost trustworthy" :)
19:45:24 <sumpfralle2> anyway - this is a different discussion ...
19:52:05 <kenyon> can you trust GitHub then?
19:52:11 <kenyon> you use that
19:53:01 <kenyon> it's mostly free software too, but how can you know
19:56:26 <sumpfralle2> I would strongly prefer, not to use github, of course.
19:56:51 <sumpfralle2> But I do not see this as a good argument of reducing my requirements for personal devices.
19:57:00 <sumpfralle2> Anyway - a different discussion :)
20:00:28 <kenyon> it's not really a different discussion, because your strict adherence to ideology is preventing you from using github in the most secure way available
20:01:08 <kenyon> so if your account is compromised, this is a problem for the project
20:03:27 <kenyon> looks like that software authenticator should work though
20:03:35 <kenyon> hopefully
20:04:51 <TheSnide> "this is a problem for the project" <-- that's my rationale to enforce 2FA on org members
20:05:18 <TheSnide> anyway, nothing to add, and I have to leave.
20:05:44 <sumpfralle2> Good night!
20:05:47 <sumpfralle2> #endmeeting