Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Did you really claim 2-factor authentication as your primary differentiation for choosing source control? Really?

As someone who used to have keys to a number of security-critical OSS projects, I would never use password-only authentication to protect write access to my repo.

It's not just the chance of someone sneaking in a change and its getting shipped to users -- although that's also awful -- but it's also the chance of someone sneaking in a change that pwns all of your developers (by running a script as part of the build).

And if you're using a private repository and care about keeping your source code secret, then you really, really, really want 2FA.



> And if you're using a private repository and care about keeping your source code secret, then you really, really, really want 2FA.

Um, if I need this, I'm not handing my data to github. Thanks.


Github enterprise edition. Not the cloud service.


So true, actually.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: