On Mon, Jul 13, 2015 at 04:39:20PM +0100, James Bottomley wrote:
> On Mon, 2015-07-13 at 10:07 -0400, Konstantin Ryabitsev wrote:
> > Which brings me around to grumbling a bit -- since we've made 2-factor
> > auth available, only 30 people have set up a token[*] (not even 10% of all
> > account holders) and only 25 repositories/subdirs have a 2fa requirement
> > on them, out of 450 defined.
> It's a bit painful for those of us who move around a lot and no-one has
> ever articulated a clear threat vector it's supposed to counter.

As the owner of about 16% of those repositories and someone who travels
a reasonable amount, I have to say I actually find it a lot easier than
the previous system (especially given that previously I had to share a
single kernel.org SSH key over all my machines). That's got more to do
with being able to use a self-supplied SSH key, but still.

> fast forward. If I were trying to get a bogus commit into the tree, I'd
> be attacking the maintainer's laptop to put it into their personal git
> tree (I'd actually tack the code on to an existing commit via rebase ...
> cleverly choosing a commit they hadn't yet pushed), so no-one would
> notice when it was pushed to kernel.org and it would be properly
> accounted for in the subsequent pull request to Linus. 2 factor
> authentication does nothing to counter this.

For me the second factor is as much a defence-in-depth thing as anything
else.