#2964 Display MFA state for each version #3079
Conversation
There was a problem hiding this comment.
This makes sense to me! One thing though, the wording Version published with MFA can be misleading in two situations.
1. when a user pushes the mfa requirement: true in a new version initially, that version doesn't need to have mfa enabled to be pushed
2. when a user pushes the mfa requirement: false to turn the requirement off, that version does need to be published with mfa.
https://guides.rubygems.org/mfa-requirement-opt-in/
Perhaps something similar to "Version requires MFA enablement" would work
|
@jenshenny My issue with |
|
Discussed further with Jenny, it turns out you do need to send a OTP when you send So, the only time We decided that "version published with mfa" was fine then, as it is only incorrect in that one case, where reality is actually more secure than wha 8000 t the ui is claiming. |
|
Great work here guys 👏 Thank you for figuring this out. |
Fixes issue #2964
This change displays both of the following pieces of information on a gem's/version's page rather than just 1:
I also found
Requires MFA accountsa bit unclear, because I find myself asking "to do what?", and my interpretation is that the main goal of enabling MFA for a gem is to prevent unauthorized releases, so I changed it toNew versions require MFA. Personally, I still think true / show nothing is a weird paradigm, it feels like this should be a badge, or just the header.