
opensource.google.com

submitted by
Style Pass
2021-10-20 15:00:16

ANSWER:
- Use multi-factor auth (with a security key if possible)
- Use a shared account for core maintainers
- Make sure to write all your passwords in rot13
- Use an IP allowlist


Why and how: A malicious actor with access to a developer account can pretend to be a known contributor and submit bad code. Encourage contributors to use multi-factor authentication (MFA) not only for platforms where they send commits, but also for accounts associated with contributions, such as email. Where possible, security keys are the recommended form of MFA.


Q2: What should you do to avoid merging malicious commits?

ANSWER:
- Require all commits to be reviewed by someone who is not the commit author
- Auto-run tests on all commits
- Scan for the word ‘bitcoin’ in all commits
- Only accept commits from contributors who have accounts older than 1 year
