Opt-in for MFA requirement explicitly #257

Merged
felipedmesquita merged 1 commit into typhoeus:master from tagliala:security/opt-in-for-mfa
Aug 22, 2025
@tagliala
Contributor

As a popular gem (over 180 million total downloads), `ethon` implicitly requires that all privileged operations by any of the owners require OTP.

By explicitly setting `rubygems_mfa_required` metadata, the gem will show "NEW VERSIONS REQUIRE MFA" and "VERSION PUBLISHED WITH MFA" in the sidebar at https://rubygems.org/gems/ethon

This commit also introduces additional metadata.

metadata verified via

```
$ gem build
$ gem spec -l ethon-0.17.0.gem

# ...
metadata:
  bug_tracker_uri: https://github.com/typhoeus/ethon/issues
  changelog_uri: https://github.com/typhoeus/ethon/blob/v0.17.0/CHANGELOG.md
  documentation_uri: https://www.rubydoc.info/gems/ethon/0.17.0
  rubygems_mfa_required: 'true'
  source_code_uri: https://github.com/typhoeus/ethon/tree/v0.17.0
# ...
```

Ref:
- https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html
- https://guides.rubygems.org/mfa-requirement-opt-in/
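
A CI-style check for the opt-in described in this pull request, written as an added example (not code from the PR or from ethon). The strict match on the documented value "true", the https rule for `*_uri` entries, and the sample specs are assumptions of this example.

```ruby
require "rubygems"
require "rubygems/package"

# Policy of this added example (an assumption, not RubyGems' own rule set):
# the MFA opt-in must be the documented string "true", and every *_uri
# metadata entry must be an https URL.
MFA_KEY = "rubygems_mfa_required"

# Returns a list of findings; an empty list means the spec passes.
def mfa_metadata_findings(spec)
  findings = []
  value = spec.metadata[MFA_KEY]
  if value.nil?
    findings << "#{MFA_KEY} is not set (MFA is not explicitly opted in)"
  elsif value != "true"
    findings << "#{MFA_KEY} is #{value.inspect}, expected the string \"true\""
  end
  spec.metadata.each do |key, val|
    next unless key.end_with?("_uri")
    findings << "#{key} is not an https URL: #{val}" unless val.to_s.start_with?("https://")
  end
  findings
end

# Constructed sample specs (not ethon's real gemspec).
def sample_spec(metadata)
  Gem::Specification.new do |s|
    s.name = "example-gem"
    s.version = "0.1.0"
    s.summary = "constructed sample"
    s.authors = ["example"]
    s.metadata = metadata
  end
end

OPTED_IN = sample_spec({ MFA_KEY => "true", "source_code_uri" => "https://example.com/src" })
MISSING = sample_spec({ "source_code_uri" => "http://example.com/src" })
WRONG_VALUE = sample_spec({ MFA_KEY => "yes" })

# Audit built packages, reading the same embedded spec that `gem spec -l` prints.
if __FILE__ == $PROGRAM_NAME
  failed = ARGV.count do |path|
    findings = mfa_metadata_findings(Gem::Package.new(path).spec)
    findings.each { |f| warn "#{path}: #{f}" }
    findings.any?
  end
  exit 1 if failed.positive?
end
```

Run against built packages (for example `ruby check_mfa.rb ethon-0.17.0.gem`, where the script name is hypothetical), it exits non-zero when any package lacks the opt-in.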
@tagliala
Contributor Author

Failure is unrelated

```
-- Control frame information -----------------------------------------------
c:0009 p:---- s:0050 e:000049 CFUNC  :easy_cleanup
c:0008 p:---- s:0047 e:000046 CFUNC  :call
c:0007 p:0007 s:0042 e:000041 METHOD /home/runner/work/ethon/ethon/vendor/bundle/ruby/3.5.0+3/gems/ffi-1.17.2/lib/ffi/autopointer.rb:152
c:0006 p:0016 s:0037 e:000036 METHOD /home/runner/work/ethon/ethon/vendor/bundle/ruby/3.5.0+3/gems/ffi-1.17.2/lib/ffi/autopointer.rb:143 [FINISH]
c:0005 p:0114 s:0032 e:000031 METHOD /home/runner/work/ethon/ethon/vendor/bundle/ruby/3.5.0+3/gems/webrick-1.9.1/lib/webrick/httpresponse.rb:135
c:0004 p:0011 s:0027 e:000025 METHOD /home/runner/work/ethon/ethon/vendor/bundle/ruby/3.5.0+3/gems/webrick-1.9.1/lib/webrick/httpserver.rb:238
c:0003 p:0018 s:0021 e:000020 METHOD /home/runner/work/ethon/ethon/vendor/bundle/ruby/3.5.0+3/gems/webrick-1.9.1/lib/webrick/httpserver.rb:72
c:0002 p:0106 s:0009 e:000008 BLOCK  /home/runner/work/ethon/ethon/vendor/bundle/ruby/3.5.0+3/gems/webrick-1.9.1/lib/webrick/server.rb:310 [FINISH]
c:0001 p:---- s:0003 e:000002 DUMMY  [FINISH]

-- Ruby level backtrace information ----------------------------------------
/home/runner/work/ethon/ethon/vendor/bundle/ruby/3.5.0+3/gems/webrick-1.9.1/lib/webrick/server.rb:310:in 'block in start_thread'
```

tagliala mentioned this pull request Aug 22, 2025
@felipedmesquita
Member

🎉 thanks!

@felipedmesquita felipedmesquita merged commit 6e3ea9a into typhoeus:master Aug 22, 2025
39 of 40 checks passed
@tagliala tagliala deleted the security/opt-in-for-mfa branch August 22, 2025 17:20