[Ksummit-discuss] [CORE TOPIC] dev/maintainer workflow security

Theodore Ts'o tytso at mit.edu
Mon Jul 13 18:22:22 UTC 2015


On Mon, Jul 13, 2015 at 05:14:16PM +0100, James Bottomley wrote:
> 
> So: I admit that if I'm careless, 2fa helps protect everyone else.
> However, I think you can see that if I'm careful (as I claim I am) 2fa
> doesn't buy me much.

The whole point of defense in depth is that even if you normally are
very careful, if you screw up, there are backup protections that
hopefully will prevent the lapse from being a disaster.

With security, it's always about "belt and suspenders".  Sure, we need
to trade off security gains versus the impacts to convenience.  For
me, using 2FA to protect my ssh and GPG keys makes more sense, so I'm
using a Yubikey Neo to provide that 2FA protection.

						- Ted

