Open di opened 2 years ago
After chatting with @ewdurbin: Two things that have the biggest impact:
an admin button for disabling all 2FA, recovery codes for the user.
Doing this now.
- [ ] Notify co-maintainers, publish an event (possibly publicly)
Should this be another set of emails? If so, I can add it to https://github.com/pypi/warehouse/issues/13234.
To make it easier for PyPI admins & moderators to process account recovery requests, there are a few things we can do to make it possible for any admin/moderator to handle these requests and make it self-service as much as possible.
Regardless of improvements, we'll still require that a human in the loop does the final review before resetting access to the account. We'll also need to handle edge cases where a project doesn't have a public source repository.
Open questions:
ref: https://github.com/pypa/pypi-support/issues/796