Hello ,
After having TLS everywhere, including Git for read-access (write-access has always been through SSH), the hoa devtools:snapshot
command requires a more secured Github account.
First, all my commits are now signed. I would like this to be a good practise. We cannot impose it yet, but it would be great. At least for mergers and reviewers (like @ashgenesis, @iraphael, @CircleCode, @pierozi, @Metalaka etc.). If you don’t know how, follow this tutorial: https://help.github.com/articles/signing-commits-using-gpg/. See the results:
All the tags must be signed too. So GPG is mandatory here.
Finally, instead of providing Github username and password for a basic auth, a token is now required. My account has 2FA enabled, and HTTPS auth is no longer availble (which is logical).
If you need help to setup your environment, please tell me. Only mergers and reviewers should be impacted by this changes.
Please review the PR here https://github.com/hoaproject/Devtools/pull/39.