Dear project committers,
I would like to bring to your attention that the security team at the Eclipse Foundation will soon be requiring that accounts with committer privileges on gitlab.eclipse.org activate 2FA access control.
The plans, along with details on the importance of this change, have been shared on the committers mailing list.
As included in the announcement, we are opening this ticket to inform you and track the activation of 2FA on accounts belonging to this projects’ members.
To keep in mind, starting on on the 30th of October you’ll likely see a banner each time you access GitLab reminding you to activate 2FA in your account.
The deadline is December the 4th, by which access to your account will be limited until you activate 2FA. It is highly recommended that you enroll in this process before the deadline.
GitLab offers instructions on every step of the process and we’re happy to answer any question you might have.
Thank you!
/cc @mbarbero
Detailed instructions are available. In a nutshell, visit gitlab.eclipse.org/-/profile/two_factor_auth and follow the on-screen instructions.
If the form asks you for a password in order to set up 2FA on your account, this is not your Eclipse account’s password. It is a known bug on Gitlab that some accounts are requested a “local” password despite having one in the Active Directory.
You should request a password reset and use that same password for this form. This process does not change your Eclipse account password.
No. GitLab supports two 2FA methods: Time-based One Time Password (TOTP) compatible with mobile apps like Google Authenticator or Authy, and several password managers such as Bitwarden or 1Password. WebAuthN, which necessitates a hardware token, typically a USB key (examples include Solo 2 key or Yubikey). These tokens are sometimes referred to as FIDO2 keys.
In the near future, 2FA will become mandatory for authentication on your accounts. Should you not have enrolled by the deadline we communicated to you, access to the platform will be restricted.
No, you’re all good.
We highly recommend the utilization of diverse secondary authentication methods. In the event that you misplace all your secondary authentication elements, recovery codes will be the only way to restore account access. By securely storing your recovery codes, you'll ensure the ability to regain access.
Note that the Eclipse IT team may be able to recover access to accounts with 2FA enabled if both the 2FA credentials and account recovery methods are lost. This will require extra identity verification and direct contact with security@eclipse-foundation.org or webmaster@eclipse-foundation.org.
Dear project committers,
I would like to bring to your attention that the security team at the Eclipse Foundation will soon be requiring that accounts with committer privileges on gitlab.eclipse.org activate 2FA access control.
The plans, along with details on the importance of this change, have been shared on the committers mailing list.
As included in the announcement, we are opening this ticket to inform you and track the activation of 2FA on accounts belonging to this projects’ members.
To keep in mind, starting on on the 30th of October you’ll likely see a banner each time you access GitLab reminding you to activate 2FA in your account.
The deadline is December the 4th, by which access to your account will be limited until you activate 2FA. It is highly recommended that you enroll in this process before the deadline.
GitLab offers instructions on every step of the process and we’re happy to answer any question you might have.
Thank you!
/cc @mbarbero
Detailed instructions are available. In a nutshell, visit gitlab.eclipse.org/-/profile/two_factor_auth and follow the on-screen instructions.
If the form asks you for a password in order to set up 2FA on your account, this is not your Eclipse account’s password. It is a known bug on Gitlab that some accounts are requested a “local” password despite having one in the Active Directory.
You should request a password reset and use that same password for this form. This process does not change your Eclipse account password.
No. GitLab supports two 2FA methods: Time-based One Time Password (TOTP) compatible with mobile apps like Google Authenticator or Authy, and several password managers such as Bitwarden or 1Password. WebAuthN, which necessitates a hardware token, typically a USB key (examples include Solo 2 key or Yubikey). These tokens are sometimes referred to as FIDO2 keys.
In the near future, 2FA will become mandatory for authentication on your accounts. Should you not have enrolled by the deadline we communicated to you, access to the platform will be restricted.
No, you’re all good.
We highly recommend the utilization of diverse secondary authentication methods. In the event that you misplace all your secondary authentication elements, recovery codes will be the only way to restore account access. By securely storing your recovery codes, you'll ensure the ability to regain access.
Note that the Eclipse IT team may be able to recover access to accounts with 2FA enabled if both the 2FA credentials and account recovery methods are lost. This will require extra identity verification and direct contact with security@eclipse-foundation.org or webmaster@eclipse-foundation.org.
To avoid users unintentionally connecting to the internet (e.g. from the about page), we want to filter outgoing requests to limit allowed remote addresses.
Tasks
[ ] The browser component supports filtering requests [ ] Requests in SET are filtered to prevent external network requests
Migrated to https://github.com/eclipse-set/set/pull/2
Migrated to https://github.com/eclipse-set/set/pull/1
set bot user (79c8c26f) at 10 Jul 09:58
Update dependency information
Pascal Stücker (af13146d) at 10 Jul 09:30
Ngoc Quang Truong (af13146d) at 10 Jul 09:30
Fix various sonarlint warnings
Ngoc Quang Truong (b44d70c5) at 07 Jul 09:53
Pascal Stücker (0f5ea044) at 07 Jul 09:53
Add EnumTransformation utility
Ngoc Quang Truong (2d6fbbed) at 07 Jul 09:52
Pascal Stücker (e48e6e7b) at 07 Jul 09:52
Fix NPE in Sslz