-
Notifications
You must be signed in to change notification settings - Fork 190
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove ui only documentation #311
base: main
Are you sure you want to change the base?
Conversation
- **UI and gem signin**: UI operations and `gem signin` will require OTP code. | ||
- **UI and API**: UI operations, `gem signin`, `push`, `owner --add` and `owner --remove` will require OTP code. | ||
|
||
Note: If you are on the **UI only** or **UI and gem signin** authentication level, | ||
UI Only was previously a valid MFA level, however, it has been removed and only accounts that were previously at that level will still see it in the dropdown. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I imagine the blog post as being linked on removed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you have any opinions on whether a blog post should be linked before this gets merged?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it could be a new PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, it would need to be created in the blog repo here: https://github.com/rubygems/rubygems.github.io. Would you like to write up a draft since you worked on this?
Clarifying on my original question, do you have a preference on the merge order? ie. merging this before the blog post has been posted and adding the link after or waiting until the blog has been merged and then merging this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I undercommunicated. I meant that I think the blog post linking could be a new pull request after this PR is merged. As for writing the blog post, I could do it, but I don't yet understand why UI only is insecure. Is it just that the CLI usage is more common?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks @kevinlinxc
- **UI and gem signin**: UI operations and `gem signin` will require OTP code. | ||
- **UI and API**: UI operations, `gem signin`, `push`, `owner --add` and `owner --remove` will require OTP code. | ||
|
||
Note: If you are on the **UI only** or **UI and gem signin** authentication level, | ||
UI Only was previously a valid MFA level, however, it has been removed and only accounts that were previously at that level will still see it in the dropdown. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you have any opinions on whether a blog post should be linked before this gets merged?
Ok, we wrote the blog post, so we might as well wait for it and link it. |
Since the removal of ui only was merged (rubygems/rubygems.org#3084), the guides should be updated.
I remove other mentions of it and only talk about it in the place where dropdown is mentioned, explaining that it will still show up for people that have it as their set MFA level. Perhaps this bit is unnecessary but it feels like harmless transparency.
Another idea that I think we should do is link the ui only removal blog post.