[Development] Important: Upcoming Changes to Qt Project Contribution Security

Jukka Jokiniva Jukka.Jokiniva at qt.io
Wed Jan 29 13:05:21 CET 2025


Thanks for the feedback, I forwarded the message to the IT development team.

I did not have similar issues while using Microsoft Authenticator.

    --Jukka


From: David Redondo <qt at david-redondo.de>
Date: Tuesday, 28. January 2025 at 16.47
To: qt-dev <development at qt-project.org>
Cc: Jukka Jokiniva <Jukka.Jokiniva at qt.io>
Subject: Re: [Development] Important: Upcoming Changes to Qt Project Contribution Security
Am Dienstag, 28. Januar 2025, 14:52 schrieb Jukka Jokiniva via Development:
> Hi Qt Project Contributors,
>
> As discussed in Contributors Summit 2024 (https://wiki.qt.io/Cyber-Security_and_implications_on_the_Qt_Project), the following changes are now under implementation:
> * Require Multi-Factor Authentication (MFA) for all Gerrit users.
> * Lock Gerrit accounts of inactive approvers. An approver is considered inactive if they have not logged into their Qt Account within 6 months. Notification email will be send 1 month before locking, and the process can be stopped simply by logging in.
> * Remove approver rights after 12 months of inactivity. Rights can be recovered by requesting them from Gerrit Admins.
>
> The exact schedule for the deployment is still open, but we expect these changes to take place in the coming months.
>
> To activate MFA already now, please visit your Qt Account (https://account.qt.io) and navigate to the My Profile page.

Hi,
when I scan the QR code on this page with FreeOTP the app tells me that the token is using cryptographically weak parameters.
David





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20250129/e18ada58/attachment.htm>


More information about the Development mailing list