[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian two-factor auth, GSoC?

]] Thomas Goirand 

> On 04/12/2013 03:25 AM, Tollef Fog Heen wrote:
> > The Yubikey neo can run the java applet thingies, it seems, so it can
> > act as a GPG token too. 
> Please, please, please ... no java!!!
> That's a security nightmare. I think we'd be less safe with
> than without it.

Please take your FUD elsewhere.

It's an implementation of the JavaCard specification.  It's not
something that runs in your web browser, but they're both called
applets.

> Also, while I think the idea is nice, and that it would be a nice
> thing to *propose* it to all DDs, I think it would be annoying
> to actually *require* 2 factors auth from DDs (especially with
> the ssh keys on Alioth).

We're unlikely to require it for all DDs.  We are likely to require it
for access to certain important hosts, but this shouldn't affect many
people.  Most likely just DSA.

(Alioth isn't part of the Debian infrastructure in this context, so I'm
not sure why you're mentioning it.)

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Reply to: