whatwg / meta

Discussions and issues without a logical home
Creative Commons Zero v1.0 Universal

Making WHATWG a 2FA organization #155

Open annevk opened 4 years ago

annevk commented 4 years ago

I think it would be nice if we enforced 2FA for the entire organization. That way there's less manual checking when giving people more power, and it would also guard the organization against people lowering their amount of protection.

Given https://github.com/orgs/whatwg/people?query=two-factor%3Adisabled we'd need to do a decent amount of outreach first, but I'm willing to drive that if there's support for doing this.

See also #113.

domfarolino commented 4 years ago

Does https://github.com/orgs/whatwg/people?query=two-factor%3Adisabled only show correct results for owners or something? I have 2FA enabled, and from my view, Domenic, yourself, and I are all on that list, which isn't correct (for at least me, and presumably you two).

domenic commented 4 years ago

That... appears to be something like what's happening. I can reproduce in incognito mode, where (I would guess) it is just showing everyone in the organization. Also, some of the UI---including the UI for filtering by 2FA---is disabled in incognito.

I guess the idea is non-owners shouldn't be able to see people's security status. But IMO it's a GitHub bug that the search field still can be populated with "two-factor:disabled" with no warning about what's happening.