Dear community members,

while restructuring our "Collaborators and Teams" on GitHub recently, we
noticed that some of you have not yet enabled two-factor authentication
(2FA), and that a few accounts are still using authentication methods
considered "insecure" by GitHub.

To strengthen the security of the ILIAS project and protect our shared
development infrastructure, we plan to make 2FA mandatory for all
contributors.

You can find detailed setup instructions here (GitHub Docs):
https://docs.github.com/en/authentication/securing-your-account-with-two-fa…

We will enforce this requirement starting November 17th, 2025.
After this date, we will begin revoking repository access for accounts
that do not have 2FA enabled.

If you have any reasonable objections or concerns about this change,
please reach out to us as early as possible.

In addition, we encourage all contributors to use "Verified Commits"
when pushing code.
Signed commits help ensure that:
- The code you publish can be cryptographically linked to you as its author.
- The integrity of the commit history cannot be tampered with (e.g., by
  impersonation or repository compromise).

Further reading and setup guides:
- How to get the GitHub Verified icon:
https://blog.ediri.io/how-to-get-the-github-verified-icon
- About commit signature verification (GitHub Docs):
https://docs.github.com/en/authentication/managing-commit-signature-verific…
- PHP.net Git hack and the importance of commit signing:
https://php.watch/news/2021/03/git-php-net-hack

Best regards,
Michael
on behalf of the Technical Board