From: Theodore Ts'o <tytso@mit.edu>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: ksummit-discuss@lists.linuxfoundation.org,
Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Subject: Re: [Ksummit-discuss] [CORE TOPIC] dev/maintainer workflow security
Date: Mon, 13 Jul 2015 14:22:22 -0400
Message-ID: <20150713182222.GC11033@thunk.org>
In-Reply-To: <1436804056.6901.27.camel@HansenPartnership.com>

On Mon, Jul 13, 2015 at 05:14:16PM +0100, James Bottomley wrote:
>
> So: I admit that if I'm careless, 2fa helps protect everyone else.
> However, I think you can see that if I'm careful (as I claim I am) 2fa
> doesn't buy me much.

The whole point of defense in depth is that even if you normally are
very careful, if you screw up, there are backup protections that
hopefully will prevent the lapse from being a disaster.

With security, it's always about "belt and suspenders". Sure, we need
to trade off security gains versus the impacts to convenience. For
me, using 2FA to protect my ssh and GPG keys makes more sense, so I'm
using a Yubikey Neo to provide that 2FA protection.

- Ted