Il giorno mar 10 feb 2026 alle ore 14:45 Fabian Arrotin arrfab@centos.org ha scritto:
On 10/02/2026 14:00, Sandro Bonazzola wrote:
Good Morning Everyone,
I would like to raise the topic of enforcing 2FA on the entire
CentOS/virt
namespace on gitlab: https://gitlab.com/CentOS/virt https://gitlab.com/ CentOS/virt
This is something I can do, but before I click the button I'd like to ask: is anyone opposed to this? If not, I'll switch the configuration next week.
Thanks in advance for your thoughts!
--
Sandro Bonazzola
Hi Sandro,
I think it's a good practice and wanted to raise it with CentOS Board eventually for the whole gitlab.com/CentOS/ group/namespace What is also needed, and it goes further than just 2FA, would be to ensuring that all people using gitlab *are* also coming from SSO (so Fedora/CentOS Account) and so through saml auth, and not just "direct" gitlab users having rights
It recently was an issue on some other SIGs are SIG owners forgot the rule and started to grant access to individuals, rather than through FAS groups and so defeating the purpose
So can you eventually review members that are either managers/owners/developers in Virt SIG, not coming through SSO (so no SAML label) and so no 2FA label either, and contact them to announce the plan ?
See
https://gitlab.com/groups/CentOS/virt/-/group_members?sort=access_level_desc
What I don't see listed is Jean-Louis, working on oVirt and not even listed there, so wondering from where he rebuilds ovirt pkgs if nothing is stored on gitlab ?
About Jean-Louis not listed there, I'm not sure how SAML works there, as he's in the group: https://accounts.centos.org/group/sig-virt/ and in https://accounts.centos.org/group/gitlab-centos-sig-virt/ and gitlab-centos-sig-virt is set in https://gitlab.com/groups/CentOS/virt/-/saml_group_links
I assume that despite he's not listed there GitLab allows him in thanks to the SAML group. Is there a way to get gitlab adding the members from SAML to https://gitlab.com/groups/CentOS/virt/-/group_members as well?
I see myself added as direct member to https://gitlab.com/groups/CentOS/virt/-/group_members as well, not through SAML group.
I'll let @Jean-Louis Dupond jean-louis@dupond.be reply on how he builds the packages :-)
-- Fabian Arrotin The CentOS Project | https://www.centos.org gpg key: 17F3B7A1 | @arrfab[@fosstodon.org]