Opt-in for MFA requirement explicitly

lostisland / faraday

Simple, but flexible HTTP client library, with support for multiple backends.

https://lostisland.github.io/faraday

MIT License

5.76k stars 981 forks source link

Opt-in for MFA requirement explicitly #1580

Closed tagliala closed 3 months ago

tagliala commented 3 months ago

As a popular gem, faraday implicitly requires that all privileged operations by any of the owners require OTP.

However, by explicitly setting rubygems_mfa_required metadata, the gem will show "NEW VERSIONS REQUIRE MFA" and "VERSION PUBLISHED WITH MFA" in the sidebar at https://rubygems.org/gems/faraday

Ref:

https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html
https://guides.rubygems.org/mfa-requirement-opt-in/

tagliala commented 3 months ago

Welcome

It sounds like we're already MFA-compliant

Yes, it should already be this way because of the number of downloads. This is just for presentation (and metadata check for automated tools) purposes