Git and Github security


#1

Hello :slight_smile:,

After having TLS everywhere, including Git for read-access (write-access has always been through SSH), the hoa devtools:snapshot command requires a more secure GitHub account.

First, all my commits are now signed. I would like this to be a good practice. We cannot impose it yet, but it would be great. At least for mergers and reviewers (like @ashgenesis, @iraphael, @CircleCode, @pierozi, @Metalaka etc.). If you don’t know how, follow this tutorial: https://help.github.com/articles/signing-commits-using-gpg/. See the results:

All the tags must be signed too. So GPG is mandatory here.

Finally, instead of providing a GitHub username and password for basic auth, a token is now required. My account has 2FA enabled, and HTTPS auth is no longer available (which is logical).

If you need help to set up your environment, please tell me. Only mergers and reviewers should be impacted by these changes.

Please review the PR here https://github.com/hoaproject/Devtools/pull/39.


#2

Good news,

I have had my account configured to sign my commits for a few months, so it’s cool :smiley: Now I need to look into enabling 2FA.


#3

Thanks @Hywan, GPG is now set up, and I have already had 2FA for a while.