[Development] Important: Upcoming Changes to Qt Project Contribution Security
David Redondo
qt at david-redondo.de
Tue Jan 28 15:47:31 CET 2025
Am Dienstag, 28. Januar 2025, 14:52 schrieb Jukka Jokiniva via Development:
> Hi Qt Project Contributors,
>
> As discussed in Contributors Summit 2024 (https://wiki.qt.io/Cyber-Security_and_implications_on_the_Qt_Project), the following changes are now under implementation:
> * Require Multi-Factor Authentication (MFA) for all Gerrit users.
> * Lock Gerrit accounts of inactive approvers. An approver is considered inactive if they have not logged into their Qt Account within 6 months. Notification email will be send 1 month before locking, and the process can be stopped simply by logging in.
> * Remove approver rights after 12 months of inactivity. Rights can be recovered by requesting them from Gerrit Admins.
>
> The exact schedule for the deployment is still open, but we expect these changes to take place in the coming months.
>
> To activate MFA already now, please visit your Qt Account (https://account.qt.io) and navigate to the My Profile page.
Hi,
when I scan the QR code on this page with FreeOTP the app tells me that the token is using cryptographically weak parameters.
David
More information about the Development
mailing list