jupyter / security

BSD 3-Clause "New" or "Revised" License

Review security of GitHub repository committers & 2 Factor authentication. #71

Open Carreau opened 8 years ago

Carreau commented 8 years ago

Cf. thread on the Jupyter Mailing list.

It would be a good idea to review:

At the same time, we could likely see if we can clean-up who is in what team, and if developers are still active.

Once this is done, we can also review who has access to non-github resources at the same time:

And try to uniformise that; as well as investigate securing the releases processes.

willingc commented 8 years ago

We can see 2FA status from an organization level. You can also filter out those that do not have 2FA enabled. https://help.github.com/articles/ensuring-that-organization-members-have-enabled-two-factor-authentication/
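The organisation-level view described above can also be pulled from the GitHub REST API, which is handy when you want the list in a script rather than a web page. The following is an added example, not code from jupyter/security or from the commenters: it builds `/orgs/{org}/members` queries using the real `role` and `filter=2fa_disabled` parameters, and combines the three listings into a report that flags organisation owners without 2FA first. It assumes a token belonging to an organisation owner, since GitHub only answers the `2fa_disabled` filter for owners; the sample member objects are constructed so the report logic runs offline.

```python
"""Audit 2FA adoption for a GitHub organisation via the REST API.

Hypothetical helper script (not part of jupyter/security). Assumes a token
with organisation-owner rights: the API rejects filter=2fa_disabled otherwise.
"""
import json
import urllib.request
from urllib.parse import urlencode

API = "https://api.github.com"


def members_url(org, role="all", filter_2fa=False, page=1, per_page=100):
    """Build a /orgs/{org}/members URL. `role` (all|admin|member) and
    `filter=2fa_disabled` are real parameters of that endpoint."""
    params = {"role": role, "per_page": per_page, "page": page}
    if filter_2fa:
        params["filter"] = "2fa_disabled"
    return f"{API}/orgs/{org}/members?{urlencode(params)}"


def fetch_all(url_for_page, token):
    """Follow page=1,2,... until an empty page. Network call; the offline
    sample below does not use it."""
    results, page = [], 1
    while True:
        req = urllib.request.Request(url_for_page(page), headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
        })
        with urllib.request.urlopen(req) as resp:
            batch = json.load(resp)
        if not batch:
            return results
        results.extend(batch)
        page += 1


def audit_2fa(all_members, admins, no_2fa):
    """Combine three member listings into a prioritised report.

    all_members: /orgs/{org}/members?role=all
    admins:      /orgs/{org}/members?role=admin   (organisation owners)
    no_2fa:      /orgs/{org}/members?filter=2fa_disabled
    Owners without 2FA are listed separately because that account can
    change org settings, teams and repository permissions.
    """
    admin_logins = {m["login"] for m in admins}
    missing = sorted(m["login"] for m in no_2fa)
    coverage = 100.0 if not all_members else round(
        100 * (1 - len(missing) / len(all_members)), 1)
    return {
        "total": len(all_members),
        "without_2fa": missing,
        "owners_without_2fa": sorted(l for l in missing if l in admin_logins),
        "coverage_pct": coverage,
    }


def run_live(org, token):
    """Live audit; each of the three listings is paginated separately."""
    return audit_2fa(
        fetch_all(lambda p: members_url(org, page=p), token),
        fetch_all(lambda p: members_url(org, role="admin", page=p), token),
        fetch_all(lambda p: members_url(org, filter_2fa=True, page=p), token),
    )


# Constructed sample responses, shaped like the API's member objects
# (only the "login" field is used here).
SAMPLE_ALL = [{"login": "alice"}, {"login": "bob"},
              {"login": "carol"}, {"login": "dave"}]
SAMPLE_ADMINS = [{"login": "alice"}, {"login": "bob"}]
SAMPLE_NO_2FA = [{"login": "bob"}, {"login": "dave"}]


if __name__ == "__main__":
    print(json.dumps(audit_2fa(SAMPLE_ALL, SAMPLE_ADMINS, SAMPLE_NO_2FA), indent=2))
```

Run `run_live("jupyter", token)` with an owner token to get the real report; as the thread notes, a non-owner (or an anonymous visitor) does not get 2FA status, and members who have hidden their membership only appear to owners, so the report is only complete when run from an owner account.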

Carreau commented 8 years ago

Yes, thanks @willingc! Though I'm not sure everyone can see this page, or at least it won't appear in the same way depending on your status in the organisation.

For the Jupyter organisation the following page lists all members of the organisation:

https://github.com/orgs/jupyter/people 

I can see the 2FA status, but not if I'm not logged in. I suppose it is a security measure to avoid attackers finding vulnerable people. I think you can also "hide" your belonging to an organisation, in which case only Owners, I think, can see you.

Still, I cannot easily distinguish people that are part of the organisation without commit rights from those who have them, without drilling through teams/repositories.

Hope you're getting some rest post-Japan!

willingc commented 7 years ago

From last week's GitHub announcements, you can enable 2FA for an organization and the warning box explains what happens to a member until they activate 2FA: https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/

ivanov commented 9 months ago

I think this has been done, but just moving it for posterity to jupyter/security for that group to decide if this should be deemed closeable or not.