mnahkies 3 days ago
Another advantage of this would be for CI/CD - MFA can be a pain for this. If I could have a publish token / OIDC auth in CI that required an additional manual approval in the web UI before it was actually published, I could imagine this working well. It would help reduce risk from CI system breaches as well. There are already "package published" notification emails; it's just that at that point it's too late.
const_cast 3 days ago
Yes, exactly. A lot of these 2FA schemes or attestation schemes break automation, which is really undesirable in this particular scenario. It's tricky.