Good Morning Everyone,
I would like to raise the topic of enforcing 2FA on the entire CentOS/Automotive namespace on gitlab: https://gitlab.com/CentOS/automotive/
This is something I can do, but before I click the button I'd like to ask: is anyone opposed to this? If not, I'll switch the configuration next week.
Thanks in advance for your thoughts! Pierre
__ I have no objections.
On 2/10/26, 9:26 AM, "Pierre-Yves Chibon" <pingou@pingoured.fr mailto:pingou@pingoured.fr> wrote:
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
Good Morning Everyone,
I would like to raise the topic of enforcing 2FA on the entire CentOS/Automotive namespace on gitlab: https://gitlab.com/CentOS/automotive/ https://gitlab.com/CentOS/automotive/
This is something I can do, but before I click the button I'd like to ask: is anyone opposed to this? If not, I'll switch the configuration next week.
Thanks in advance for your thoughts! Pierre _______________________________________________ automotive-sig mailing list -- automotive-sig@lists.centos.org mailto:automotive-sig@lists.centos.org To unsubscribe send an email to automotive-sig-leave@lists.centos.org mailto:automotive-sig-leave@lists.centos.org
Thanks for the feedback David :)
Since no one screamed, I have turned on this requirement on 2FA.
Cheers, Pierre
On Tue, Feb 10, 2026 at 05:27:00PM +0000, Duncan, David via automotive-sig wrote:
__ I have no objections.
On 2/10/26, 9:26 AM, "Pierre-Yves Chibon" <pingou@pingoured.fr mailto:pingou@pingoured.fr> wrote:
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
Good Morning Everyone,
I would like to raise the topic of enforcing 2FA on the entire CentOS/Automotive namespace on gitlab: https://gitlab.com/CentOS/automotive/ https://gitlab.com/CentOS/automotive/
This is something I can do, but before I click the button I'd like to ask: is anyone opposed to this? If not, I'll switch the configuration next week.
Thanks in advance for your thoughts! Pierre _______________________________________________ automotive-sig mailing list -- automotive-sig@lists.centos.org mailto:automotive-sig@lists.centos.org To unsubscribe send an email to automotive-sig-leave@lists.centos.org mailto:automotive-sig-leave@lists.centos.org
automotive-sig mailing list -- automotive-sig@lists.centos.org To unsubscribe send an email to automotive-sig-leave@lists.centos.org
OK everyone there seems to be some confusion regarding the mandate for 2FA in gitlab. I logged into gitlab and it told me I had to enable 2FA for my account. My account is backed by RH SAML, which uses 2FA. This is why I indicated prior that I have been using 2FA on gitlab for some time now...because RH corp policies already make this happen. This is why RH SAML exists. We need to undo this before the 27th before people who have been diligently doing their security hygene already are locked out.
---- Bruce O. Benson, Sr. Engineer, Human-Rated Hazard-Facing Systems In-Vehicle OS Engineering, Red Hat, Inc. 100 E. Davie St., Raleigh, NC 27601-1806 USA mobile: +1 571-482-7774 | mailto:bbenson@redhat.com https://www.redhat.com/en/solutions/automotive
On Tue, Feb 10, 2026 at 5:16 AM Pierre-Yves Chibon pingou@pingoured.fr wrote:
Good Morning Everyone,
I would like to raise the topic of enforcing 2FA on the entire CentOS/Automotive namespace on gitlab: https://gitlab.com/CentOS/automotive/
This is something I can do, but before I click the button I'd like to ask: is anyone opposed to this? If not, I'll switch the configuration next week.
Thanks in advance for your thoughts! Pierre _______________________________________________ automotive-sig mailing list -- automotive-sig@lists.centos.org To unsubscribe send an email to automotive-sig-leave@lists.centos.org
Il giorno mer 25 feb 2026 alle ore 04:10 Bruce Benson via automotive-sig < automotive-sig@lists.centos.org> ha scritto:
OK everyone there seems to be some confusion regarding the mandate for 2FA in gitlab. I logged into gitlab and it told me I had to enable 2FA for my account. My account is backed by RH SAML, which uses 2FA. This is why I indicated prior that I have been using 2FA on gitlab for some time now...because RH corp policies already make this happen. This is why RH SAML exists. We need to undo this before the 27th before people who have been diligently doing their security hygene already are locked out.
Hi, let me try to clarify. You can login to GitLab with user and password and the request is to ensure 2FA is enabled at GitLab level to secure your GitLab account. The CentOS team is also requiring authentication through CentOS Identity Provider to grant privileges on CentOS infrastructure related repositories and Red Hat is requiring authentication through Red Hat Identity Provider to rgant privileges on Red Hat infrastructure. Both the identity providers have their own 2FA system as well. Yes, it's annoying having to use 2FA 3 times on some repositories, but they are 3 different accounts in 3 different systems and yeah, we need to deal with that. I hope this clarifies.
If it helps, I have two links in my bookmarks bar 1. GL RH SAML: https://gitlab.com/groups/redhat/-/saml/sso 2. GL CS SAML: https://gitlab.com/groups/centos/-/saml/sso Sometimes GitLab prompts these logins when you're trying to access some resource requiring them, and sometimes it doesn't, so you just don't see what you expect to see. I have these two as shortcuts to quickly authenticate if needed.
Maybe this will make someone's life easier like it did for me :)
Cheers, Mark
On Wed, Feb 25, 2026 at 12:22 PM Sandro Bonazzola via automotive-sig < automotive-sig@lists.centos.org> wrote:
Il giorno mer 25 feb 2026 alle ore 04:10 Bruce Benson via automotive-sig < automotive-sig@lists.centos.org> ha scritto:
OK everyone there seems to be some confusion regarding the mandate for 2FA in gitlab. I logged into gitlab and it told me I had to enable 2FA for my account. My account is backed by RH SAML, which uses 2FA. This is why I indicated prior that I have been using 2FA on gitlab for some time now...because RH corp policies already make this happen. This is why RH SAML exists. We need to undo this before the 27th before people who have been diligently doing their security hygene already are locked out.
Hi, let me try to clarify. You can login to GitLab with user and password and the request is to ensure 2FA is enabled at GitLab level to secure your GitLab account. The CentOS team is also requiring authentication through CentOS Identity Provider to grant privileges on CentOS infrastructure related repositories and Red Hat is requiring authentication through Red Hat Identity Provider to rgant privileges on Red Hat infrastructure. Both the identity providers have their own 2FA system as well. Yes, it's annoying having to use 2FA 3 times on some repositories, but they are 3 different accounts in 3 different systems and yeah, we need to deal with that. I hope this clarifies.
--
Sandro Bonazzola
MANAGER, ENGINEERING
Red Hat In-Vehicle Operating System
Red Hat https://www.redhat.com/ https://www.redhat.com/ https://redhat.com/options *Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours.*
automotive-sig mailing list -- automotive-sig@lists.centos.org To unsubscribe send an email to automotive-sig-leave@lists.centos.org
automotive-sig@lists.centos.org
-
Bruce Benson -
Duncan, David -
Mark Kemel -
Pierre-Yves Chibon -
Sandro Bonazzola