I'd like to start a discussion about some security in our development process. Currently a loose set of people has access in our Gitlab, basically everyone who asked for it and was trusted by Agate or myself. That's not at all a problem, but I think it might be good to have a somehow structured procedure for this in the future. Anyway, people gain access to the repository and are able to ship bad code or do releases. Not that I think that someone would do this, but you know, accounts can be hacked, and the more accounts are out there having access, the more likely it is you can hack one of them.

Gitlab offers a feature to require everyone with special access rights to our groups to activate Two Factor Authentication. For me this is a somehow obvious thing: We should do this. But I am not the only one here, so I'd like to hear your feedback on this. Logging in gets slightly more complicated, is this a problem? Are there any downsides from your perspective?

Let me know!

Personally I use a single password for each account, so the only way to hack into gitlab is to hack my email address and request a new password without me noticing it. Or steal my computer while it's unlocked...
Even if it happens, why would someone bother to hack into gitlab? And if it happens we have backups.

What I'm saying is it's very, very unlikely to happen, and since I connect and disconnect various times per day I would prefer not to use 2FA, but I get it can be a must-have for people with this kind of rights. But personally I would prefer to lose the rights to do releases and to merge than to have 2FA (which is not a problem for the project since I mostly never use them).


petitminion Well, one could bruteforce your password. Or intercept it somehow with phishing. Both are quite common scenarios these days, and everyone believes they won't fall for those strategies.

On the other hand, Funkwhale is a widespread software; it most likely runs on dozens of servers, maybe even hundreds? There were attacks in the past where hackers injected some cryptoscam mining code and pushed it by doing a new release, and I don't see any reason why one shouldn't try this at Funkwhale. Backups won't help in this scenario either.

I understand that it's more complicated to use. This is always an issue; it's always security vs ease of usage and there is no best approach, which is why I am starting this conversation.

I don't know the implementation of Gitlab, but some huge platforms don't require the second factor each time if they are confident it's the same device on the same network anyway. Furthermore, it's likely your password manager is able to handle the second factor as well.

Sadly Gitlab does not allow us to require the second factor for a specific right, but we could handle those situations with groups, I guess.

Yeah, I could get phished.
I use different networks at each connection and shut down my computer regularly, so I need to reconnect various times a day. If 2FA is integrated with keepass it's okay for me; if not, I hope groups could allow this. Because if we require 2FA for every person using the gitlab, I think we will have a decrease of contributions.

2 months later

I am 100% for 2FA for developers that can push something into stable/develop and make a new release.

Also, is there an option to disable unsigned/unverified commits from core developers? I believe that would also bring some layer of security.