From a07fccaf3441eed9afbe8cd5424f829b75533780 Mon Sep 17 00:00:00 2001 From: Tim Rogers Date: Wed, 8 Jun 2022 12:29:48 +0100 Subject: [PATCH] Require multi-factor authentication to push new releases to RubyGems This updates our gemspec to opt in to enforce multi-factor authentication (MFA) whenever we want to push releases of the gem, yank releases or add or remove owners. This will increase the security of our users by making it more difficult for a bad actor to release a version of Octokit.rb. After this is merged, the change will take effect from the first new release. Fixes #1438. --- octokit.gemspec | 1 + 1 file changed, 1 insertion(+) diff --git a/octokit.gemspec b/octokit.gemspec index b30aadfc1..3801d083e 100644 --- a/octokit.gemspec +++ b/octokit.gemspec @@ -21,4 +21,5 @@ Gem::Specification.new do |spec| spec.required_rubygems_version = '>= 1.3.5' spec.summary = 'Ruby toolkit for working with the GitHub API' spec.version = Octokit::VERSION.dup + spec.metadata = { 'rubygems_mfa_required' => 'true' } end