Linux Kernel Development Gets Two-Factor Authentication
Developers are now encouraged to use an additional layer of security with the introduction of two-factor authentication for code commits.Linux kernel development is getting a new layer of security with the introduction of two-factor authentication for code commits. The new authentication measures come nearly three years after the kernel.org site was attacked. Konstantin Ryabitsev, director of collaborative IT services at The Linux Foundation, announced the new two-factor authentication initiative. Kernel developers had already been using secure authentication mechanisms, including SSH (Secure Shell), to gain access to code repositories, he explained. The security breach of 2011 was a very valuable lesson to the Linux community, and many recent initiatives have been aimed at continuously improving the overall security profile, Ryabitsev told eWEEK. The move to two-factor authentication, however, is not a delayed reaction to the 2011 kernel.org attack, according to Ryabitsev. Rather, the move to two-factor authentication is in response to continuous requests from kernel developers who have expressed interest in improving the security of their own development processes.
Two-factor authentication—in which a second password (or factor) provides an additional layer of security—is being employed specifically for code commits made to the official Linux kernel repositories hosted at kernel.org. The system isn't just user-identity-based either.