James M Snell
James M Snell
I agree with Matteo here. This will be super disruptive. Let's limit the warning only to modules not inside node_modules.
Looks like there are some tests that need updating
Have we settled on this? I believe no but honestly it's not clear.
Everyone in the Node.js GitHub org is, as far as I can remember, required to have general 2fa enabled on their accounts. Physical keys would be a good additional layer...
> ... massively buy yubikeys for everyone... We don't need them for everyone... just for the build, build-infra, web-infra, and release teams I would imagine. That would be about 25...
Are there concrete next steps here or is this left open just to allow for discussion? It's not clear.
I've opened a separate PR (https://github.com/nodejs/TSC/pull/1756) that contains the version of the changes I would like to see.
We already allow individual contributors to display a "Sponsor Me" link by their name in the nodejs/node readme. How would this be any different / better? I'm -1 on adding...
I don't find any of these "limitations" convincing and I'm still -1. > The collaborators list is not easily discoverable. I'm not sure how the nodejs/node readme counts as not...
Here's a proposal on a possible path forward: We've had a handful of Collaborators add their `Support me` links to the readme. We really haven't investigated yet on whether that's...