The Fedora Engineering Steering Committee (FESCo) has made the decision to implement mandatory two-factor authentication for all members of the provenpackager group in charge of committing changes to the Fedora Linux repository. This move comes after an incident where a developer’s account was compromised, prompting a need for stronger security measures.
Members of the provenpackager group, who have the authority to make changes to any package in the repository, must now enable two-factor authentication within three months to maintain their access rights. Failure to comply will result in restricted access starting on September 25th. New members joining the group will be required to enable two-factor authentication from the onset.
For developers and maintainers who are not part of the provenpackager group, while two-factor authentication is not mandatory at this time, it is strongly recommended to enhance overall security measures within the Fedora Linux development community.