by acegopher 2493 days ago
PyPI has 2FA for user logins to the website, which:

"safeguards against malicious changes to project ownership, deletion of old releases, and account takeovers. Package uploads will continue to work without users providing 2FA codes."

They are also working to enforce 2FA on uploads:

"But that's just for now. We are working on implementing per-user API keys as an alternative form of multifactor authentication in the setuptools/twine/PyPI auth flows. These will be application-specific tokens scoped to individual users/projects, so that users will be able to use token-based logins to better secure uploads. And we'll move on to working on an advanced audit trail of sensitive user actions, plus improvements to accessibility and localization for PyPI. More details are in our progress reports."

From: http://pyfound.blogspot.com/2019/06/pypi-now-supports-two-fa...