[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-community
Subject:    Re: Gitlab update, 2FA now mandatory
From:       Ahmad Samir <a.samirh78 () gmail ! com>
Date:       2022-10-25 11:52:10
Message-ID: 3d2f76e1-9b6d-8cdb-5630-5da5e5a834df () gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]

[Attachment #4 (text/plain)]

On 25/10/22 13:29, Harald Sitter wrote:
> On Tue, Oct 25, 2022 at 1:22 PM Ahmad Samir <a.samirh78@gmail.com> wrote:
>>
>> Can a first time contributor create a fork, create multiple/100 MR's and spin up CI jobs? if yes,
>> then, first time contributors can disrupt the system.
>>
>> Weren't there some suspicious accounts that were using our gitlab instance for bitcoin mining (I
>> could be wrong, I vaguely remember someone from Sysadmin team talking about something like that)?
>> were these first time contributors or ones with developer accounts?
> 
> I'm sure 2fa doesn't help with that (:

I am not a cyber security expert, but isn't 2FA comparable to captcha stuff? it's not hard, but it 
takes some extra time. Which forum would a spammer target? the one with the "create account and 
login immediately" or the one with "create account, verify captcha hell, verify email address"?

-- 
Ahmad Samir


["OpenPGP_signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]