Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [eclipse.org-committers] Important: Implementation of Mandatory 2FA Across Eclipse Foundation GitHub Organizations
Dear Committers,

Following up on my previous email, I'm glad to announce the completion of the initial phase of implementing two-factor authentication (2FA) across all Eclipse Foundation-owned GitHub organizations.

A Significant Milestone Achieved

With the completion of this first phase, 64% of the Eclipse Foundation projects hosted at GitHub now have 2FA enforced for all their committers and project leads. This achievement reflects our strong commitment to security and sets a positive example for the entire community. To those who have enabled 2FA, your efforts are greatly appreciated and serve as an inspiration for others.

Urgent Attention Needed

For committers yet to implement 2FA, I want to stress the importance of taking action before the deadline on April 30th. Post-deadline, members not in compliance will temporarily lose their privileges on the GitHub repositories for their Eclipse Foundation projects until they enable 2FA. We will soon begin sending out reminders to concerned individuals about this policy. This measure, while stringent, is important for safeguarding your projects.

We Want to Hear From You

Your feedback is very valuable to us. If you encounter any difficulties or have suggestions on how we can improve the 2FA implementation process, please share your thoughts. Whether it's through commenting on the tracking ticket or directly reaching out, your input will help us refine our approach and support you better.

Key Information

  • Deadline for 2FA Activation on your GitHub Account: April 30th. Ensure your compliance to maintain access to your projects.
  • Support and Guidance: If you're unsure how to enable 2FA or have any concerns, please do not hesitate to open a ticket on the HelpDesk. We're here to assist every step of the way. Also, check on the instructions provided by GitHub.
  • Feedback and Suggestions: Your experiences and ideas are welcome.

Should you have any questions or encounter any issues with this change, please do not hesitate to open a ticket on the HelpDesk or comment on the ticket tracking this initiative.

Thank you for your cooperation and dedication to security.

Cheers,

Mikaël Barbero 
Head of Security | Eclipse Foundation
Eclipse Foundation: The Community for Open Innovation and Collaboration



On Jan 14, 2024 at 22:33:44, Mikael Barbero <mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Dear Committers,

As part of our ongoing commitment to enhance the security of your projects and repositories, we are excited to announce a significant step forward in our cybersecurity measures.

Starting April 30th, we will be enforcing mandatory Two-Factor Authentication (2FA) across all Eclipse Foundation owned GitHub organisations. This move is aimed at bolstering our defences against potential unauthorised access and ensuring the integrity of your repositories and projects.

Current Status and Next Steps:

  • For Organisations with Existing Mandatory 2FA:
    • No action required. We commend your proactive stance in adopting this essential security measure.
  • For Organisations Without Mandatory 2FA, But All Members Have 2FA:
    • Plan: We will be transitioning to mandatory 2FA at the organisational level.
    • Immediate Action: This email serves as a notification that, starting February 2nd, all new members must have 2FA enabled in order to join. Organisations in this situation will receive a notification when this is enforced.
  • For Organisations Without Mandatory 2FA, and Not All Members Have 2FA:
    • Impact: Post April 30th, any non-compliant members will temporarily lose write access until they enable 2FA.
    • Deadline: Members are required to enable 2FA by April 30th to avoid any disruption to their access.
    • Follow-Up: We will communicate reminders through project-specific -dev mailing lists and directly to individuals lagging in compliance.

Why is this Important?

The security of your projects and the integrity of your code are paramount. Implementing 2FA across all GitHub organisations is a critical step in safeguarding against unauthorised access and potential security breaches.

How to Enable 2FA?

If you haven't enabled 2FA on your GitHub account yet, please follow these GitHub’s provided instructions.

Need Help?

Should you have any questions or need assistance in setting up 2FA, please do not hesitate to open a ticket on the HelpDesk or to comment on the ticket tracking this initiative

Thank you for your cooperation and commitment to the security of the Eclipse Foundation's projects and infrastructure.

Cheers,

Mikaël Barbero 
Head of Security | Eclipse Foundation
Eclipse Foundation: The Community for Open Innovation and Collaboration

Back to the top