AsciiDoc Language issueshttps://gitlab.eclipse.org/eclipse/asciidoc-lang/asciidoc-lang/-/issues2023-10-22T08:10:12Zhttps://gitlab.eclipse.org/eclipse/asciidoc-lang/asciidoc-lang/-/issues/44Enforcing 2FA on Gitlab Accounts2023-10-22T08:10:12ZTiago LucasEnforcing 2FA on Gitlab AccountsDear project committers, \
I would like to bring to your attention that the security team at the Eclipse Foundation will soon be requiring that accounts with committer privileges on gitlab.eclipse.org activate 2FA access control. \
The p...Dear project committers, \
I would like to bring to your attention that the security team at the Eclipse Foundation will soon be requiring that accounts with committer privileges on gitlab.eclipse.org activate 2FA access control. \
The plans, along with details on the importance of this change, have been [shared on the committers mailing list](https://www.eclipse.org/lists/eclipse.org-committers/msg01397.html). \
As included in the announcement, we are opening this ticket to inform you and track the activation of 2FA on accounts belonging to this projects’ members. \
To keep in mind, starting on on the **30th of October** you’ll likely see a banner each time you access GitLab reminding you to activate 2FA in your account. \
The deadline is **December the 4th**, by which access to your account will be limited until you activate 2FA. It is highly recommended that you enroll in this process before the deadline.
GitLab offers [instructions](https://gitlab.eclipse.org/help/user/profile/account/two_factor_authentication.md) on every step of the process and we’re happy to answer any question you might have. \
Thank you!
/cc @mbarbero
## FAQ
### How can I activate 2FA for my [gitlab.eclipse.org](https://gitlab.eclipse.org) account?
Detailed [instructions](https://gitlab.eclipse.org/help/user/profile/account/two_factor_authentication.md) are available. In a nutshell, visit [gitlab.eclipse.org/-/profile/two_factor_auth](https://gitlab.eclipse.org/-/profile/two_factor_auth) and follow the on-screen instructions.
If the form asks you for a password in order to set up 2FA on your account, this is not your Eclipse account’s password. It is a known bug on Gitlab that some accounts are requested a “local” password despite having one in the Active Directory. \
You should request a [password reset](https://gitlab.eclipse.org/-/profile/password/edit) and use that same password for this form. This process *does not* change your Eclipse account password.
### Do I need to purchase a hardware token for account access?
No. GitLab supports two 2FA methods:
_Time-based One Time Password_ (TOTP) compatible with mobile apps like Google Authenticator or Authy, and several password managers such as Bitwarden or 1Password.
_WebAuthN_, which necessitates a hardware token, typically a USB key (examples include [Solo 2 key](https://solokeys.com/) or [Yubikey](https://www.yubico.com/la-cle-yubikey/yubikey-5-series/)). These tokens are sometimes referred to as FIDO2 keys.
### How will this affect my [gitlab.eclipse.org](https://gitlab.eclipse.org) accounts?
In the near future, 2FA will become mandatory for authentication on your accounts. Should you not have enrolled by the deadline we communicated to you, access to the platform will be restricted.
### I already have 2FA enabled on [gitlab.eclipse.org](https://gitlab.eclipse.org), do I need to do anything?
No, you’re all good.
### What do I do if I lose my 2FA device?
We highly recommend the utilization of diverse secondary authentication methods. In the event that you misplace all your secondary authentication elements, recovery codes will be the only way to restore account access. By securely storing your recovery codes, you'll ensure the ability to regain access.
Note that the Eclipse IT team may be able to recover access to accounts with 2FA enabled if both the 2FA credentials and account recovery methods are lost. This will require extra identity verification and direct contact with [security@eclipse-foundation.org](mailto:security@eclipse-foundation.org) or [webmaster@eclipse-foundation.org](mailto:webmaster@eclipse-foundation.org).https://gitlab.eclipse.org/eclipse/asciidoc-lang/asciidoc-lang/-/issues/3Set up project labels to compliment contribution workflow2021-04-14T00:56:16ZSarah WhiteSet up project labels to compliment contribution workflowThe project should have a set of labels that communicate key information about an issue or MR. These labels should correspond to common events in the contribution workflow and help the community filter contributions by domain, kind, stat...The project should have a set of labels that communicate key information about an issue or MR. These labels should correspond to common events in the contribution workflow and help the community filter contributions by domain, kind, status, maintainer responsibility, etc.
I've added and defined a few preliminary labels to the project. They're serving as examples of some of the label categories I've proposed and to help us triage the initial issues that are filed. The `triage::<value>` labels are also an example of a [scoped label](https://gitlab.eclipse.org/help/user/project/labels.md#scoped-labels). Assigning one triage label automatically unassigns any other triage label. `status::<value>` is also scoped.
I've rather shamelessly studied and borrowed from both the [Kubernetes issue triaging process](https://www.kubernetes.dev/docs/guide/issue-triage/) and the [Eclipse Che repository labels](https://github.com/eclipse/che/labels) because our long term goal should be to automate parts of issue triage and assessment process as well as MR testing and review so contributions get prompt feedback.
Below is a list of proposed labels. This list is by no means complete. For definitions see [Labels](https://gitlab.eclipse.org/eclipse/asciidoc/asciidoc-lang/-/labels) and the attached "Issue Journey" (aka picture from my whiteboard)
```
kind/bug
kind/cleanup
kind/api-change
kind/process
kind/feature
kind/failing-test
kind/syntax-change
kind/dependency
area/spec-doc/content
area/spec-doc/organization
area/performance
area/DOM
area/release-plan
area/naming-and-terminology
area/architecture
area/converter
group/TCK
group/spec-doc
group/release
needs-triage
triage::accepted
triage::assessment-required
triage::need-information
triage::declined
triage::duplicate
triage::out-of-scope
triage::discuss
triage::not-reproducible
help wanted
good first issue
status::open
status::active
status::hold
status::frozen
assessment::call-for-team
assessment::hold
assessment::active
assessment::complete
```
`assessment` replaces the `arch-review` described in the contributing guide and governance document. @mojavelinux felt like ` review` might get confused with MR review actions/steps.
Feedback and suggestions are definitely welcome and encouraged!
The final result of this issue will be a set of labels primarily for issues. These labels will no doubt evolve as our process matures.
![issue-journey](/uploads/705a8e6fe0f873a1f102361b863798a6/issue-journey.jpg)Sarah WhiteSarah Whitehttps://gitlab.eclipse.org/eclipse/asciidoc-lang/asciidoc-lang/-/issues/2Add initial governance processes2021-05-18T21:57:35ZSarah WhiteAdd initial governance processesIn order for the community to collaborate effectively and ensure that everyone gets a chance to participate, we should describe:
- how the team and community is expected to conduct itself in the project spaces
- how decisions are made a...In order for the community to collaborate effectively and ensure that everyone gets a chance to participate, we should describe:
- how the team and community is expected to conduct itself in the project spaces
- how decisions are made about changes proposed in issues and MRs
- what the default decision making method is
- how an architecture group forms and works to evaluate a proposal
- how objections should be stated
The MR for this issue should provide a preliminary governance model, i.e., just enough structure that the project can begin operating in a predictable way. Once the project is in full swing it is highly likely that we'll want to reevaluate our governance model and update it.
Also, this preliminary governance model won't address the guidelines for becoming a project team committer, on-boarding a new committer, or off-boarding a committer. That process should be discussed in a new issue.
The preliminary governance model will need to be approved by the project team members once the MR has been finalized.Sarah WhiteSarah Whitehttps://gitlab.eclipse.org/eclipse/asciidoc-lang/asciidoc-lang/-/issues/1Add contributing guidelines for specification issues and MRs2021-04-15T17:12:39ZSarah WhiteAdd contributing guidelines for specification issues and MRsThe project's contributing guide should:
- link to and describe the project's communication channels
- describe the legal considerations for contributors, including the ECA and signing commits
- link to the project scope and release pla...The project's contributing guide should:
- link to and describe the project's communication channels
- describe the legal considerations for contributors, including the ECA and signing commits
- link to the project scope and release plan
- specify what policies apply to the project, including the Code of Conduct, Eclipse IP policy, and EFSP
- describe the information that should be provided in specification issues
- describe/link to how the project makes decisions
- lay out specification merge request guidelines and processes
- provide instructions for setting up a local repository
- list the workflow steps for creating an issue branch and submitting a MR
This issue only focuses on contributions for the specification, not the end user documentation.
A separate issue and MR should focus on the end user documentation contributing process.Sarah WhiteSarah White