HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hqball

no profile record

comments

hqball
·4 lata temu·discuss
Then I have to trust an app (which can have vulnerabilities) or a USB device which can be exchanged for a BAD-USB exploit carrier.

That looks like offloading security issues to the user.

Sounds far fetched? If the code repositories are that valuable, why wouldn't state actors try to mess with the hardware and commit underhanded C or similar?

The repository owners would detect the malicious commit? Well, in that case, why do we need 2FA in the first place?
hqball
·4 lata temu·discuss
We need someone like Homakov again (https://arstechnica.com/information-technology/2012/03/hacke...) so people can access their own repositories without this bureaucratic nonsense.

If you have a strong password, is that really the biggest security threat? I highly doubt that. 2FA is used to get unique identifiers and data mine people.

It is a breach of confidence that large parts of the open source scene has trusted GitHub and now has to jump through new hoops practically every year.