On 10/02/2026 14:00, Sandro Bonazzola wrote:
Good Morning Everyone,
I would like to raise the topic of enforcing 2FA on the entire CentOS/virt namespace on gitlab: https://gitlab.com/CentOS/virt <https://gitlab.com/ CentOS/virt>
This is something I can do, but before I click the button I'd like to ask: is anyone opposed to this? If not, I'll switch the configuration next week.
Thanks in advance for your thoughts!
--
Sandro Bonazzola
Hi Sandro,
I think it's a good practice and wanted to raise it with CentOS Board eventually for the whole gitlab.com/CentOS/ group/namespace What is also needed, and it goes further than just 2FA, would be to ensuring that all people using gitlab *are* also coming from SSO (so Fedora/CentOS Account) and so through saml auth, and not just "direct" gitlab users having rights
It recently was an issue on some other SIGs are SIG owners forgot the rule and started to grant access to individuals, rather than through FAS groups and so defeating the purpose
So can you eventually review members that are either managers/owners/developers in Virt SIG, not coming through SSO (so no SAML label) and so no 2FA label either, and contact them to announce the plan ?
See https://gitlab.com/groups/CentOS/virt/-/group_members?sort=access_level_desc
What I don't see listed is Jean-Louis, working on oVirt and not even listed there, so wondering from where he rebuilds ovirt pkgs if nothing is stored on gitlab ?