W3C home > Mailing lists > Public > public-w3process@w3.org > January 2017

Re: Organizational policies related to github

From: Jeff Jaffe <jeff@w3.org>
Date: Mon, 9 Jan 2017 01:27:10 -0500
To: chaals@yandex-team.ru, Terence Eden <terence.eden@digital.cabinet-office.gov.uk>
Cc: Norman Walsh <norman.walsh@marklogic.com>, "w3c-ac-forum@w3.org" <w3c-ac-forum@w3.org>, "public-w3process@w3.org" <public-w3process@w3.org>
Message-ID: <8309311c-d1e8-83a1-bfa9-66a9bd09c5f3@w3.org>
Chaals,

I started this thread a little less than a week ago [1].

So far, I have received private information from two Members about 
github restrictions; both from government agencies or government related 
industries (from two different countries).

In one case, github is not on the whitelisted set of sites that can be 
used.  The workaround is to use one's private PC.

In the second case, policies are in flux.  There has not yet been a 
problem for this Member to access W3C information on github, but there 
had been some problem in getting access to an IETF WG.

That's all that I received, other than the comments about 2FA.

Jeff

[1] https://lists.w3.org/Archives/Member/w3c-ac-forum/2017JanMar/0004.html


On 1/9/2017 12:32 AM, chaals@yandex-team.ru wrote:
> OK, it sounds like there is enough that this isn't a blocker - and 
> even if it were, the pace of process changes is probably slow enough 
> to cope anyway. So the question is still whether there are members who 
> really can't work with github. I still haven't seen any effort to 
> determine that systematically, which I think we should undertake both 
> as sanity check and courtesy.
> I'll send a mail with a clear subject, and if we don't hear that there 
> are problems I'll move forward with this…
> cheers
>
>
> 05.01.2017, 09:35, "Terence Eden" 
> <terence.eden@digital.cabinet-office.gov.uk>:
>> Github supports TOTP or SMS or Printed recovery codes
>> https://help.github.com/articles/about-two-factor-authentication/ 
>> <https://help.github.com/articles/about-two-factor-authentication/>
>> So you can have an authenticator app on your phone, tablet, watch...
>>
>> You're not tied in to receiving SMS for your login codes.
>>
>> On 5 January 2017 at 06:36, <chaals@yandex-team.ru 
>> <mailto:chaals@yandex-team.ru>> wrote:
>>
>>
>>
>>     03.01.2017, 19:14, "Norman Walsh" <Norman.Walsh@marklogic.com
>>     <mailto:Norman.Walsh@marklogic.com>>:
>>     > Terence Eden <terence.eden@digital.cabinet-office.gov.uk
>>     <mailto:terence.eden@digital.cabinet-office.gov.uk>> writes:
>>     >>  Our department requires that internal users have 2FA enabled.
>>     >
>>     > That seems like a plausible requirement for write access to me.
>>
>>     It does. Except that without a solution for easily swapping the
>>     number for second factor message nor free SMS everywhere, it's
>>     likely to be a reason for not making merges when I'm not at home.
>>     Which is fairly often.
>>
>>     cheers
>>
>>     -- 
>>     Charles McCathie Nevile - standards - Yandex
>>     chaals@yandex-team.ru <mailto:chaals@yandex-team.ru> - - - Find
>>     more at http://yandex.com <http://yandex.com/>
>>
>>
>>
>>
>> -- 
>> -- 
>> *Terence Eden*
>> Open Standards Lead
>> +44 7717 512 963 <tel:+447717512963>
>> Government Digital Service
>>
>
>
> -- 
> Charles McCathie Nevile - standards - Yandex
> chaals@yandex-team.ru - - - Find more at http://yandex.com
>
Received on Monday, 9 January 2017 06:27:31 UTC

This archive was generated by hypermail 2.3.1 : Monday, 9 January 2017 06:27:32 UTC