For the web interface: none, haikuwebkit does not support webauthn.
For the commandline: all of them, just use a ssh key.
Funny thing is… since keycloak got added, and I setup 2FA for gerrit, it is Haiku’s gerrit the one that gets on my nerves, asking for me to loging/2FA, way way too frequently.
2fa is not a requirement. You don’t have to use it.
I’m just not as young as most of you kiddos (no pun intended) 
So if there will be a change, it will take me some time (not sure how long, I’m familiar with basic git things not that long ago) if I get there at all.
It’s still exactly the same git command you will use.
The workflow with creating pull requests and merging them works exactly the same on Codeberg as on Github.
Even the user interface looks almost the same,if you think of Github a few months,maybe a year ago.
It’s a non-profit organization,not a company.
Also,the Forgejo software can be self-hosted if we want to be fully independent.
LOL, trying to register an account there … “Sign in with github” or “Sign in with gitlab” (not required but still made me laugh) 
1 Like
-1 for only using self-hosted tools because it are much less reliable. There are much higher chances that data will be lost on self-hosted repos than on GitHub/GitLab that have a tons of backups all over the world.
4 Likes
I don’t mind if haikuports is moved to another system (or HaikuArchives for that matter).
Most important to me is that the webinterface works in Web+.
To the moving project the most important is: Can tickets and PRs be migrated there?
Then abuse them as read-only mirror for backup purposes,but don’t force every contributor to have an account with them.
2FA on GitHub is just TOTP authentication algorithm that can be called from a simple Python script. It do not need mobile phone or any kind of complex proprietary software.
1 Like
Sure. It’s “just” totp.
I’ve already lost access to my bitbucket account to TOTP, i don’t care to have to fear that i might loose it because of some specific computer going haywire.
Anyhow, the backup argument is kind of moot, git is already distributed. In order to loose all repos you’d have to destroy every haikuports contributers computer…
2 Likes
I suspect that for most developers it is easier to use existing GitHub account instead creating new account on every new web site. It is also why “Login with GitHub” buttons are so popular. I would expect significant drop of contributions if move from GitHub to selfhosting.
Don’t break what is not broken.
9 Likes
How? Consider that TOTP this just yet another password that is not transferred as plain text. It can be stored in the same way as any other password.
It’s a software you have to run on a specific computer to compute the secret for that moment. If you loose access to that computer you then also loose access to the account. Because it simply isn’t just a password.
It is a password, not a software. Software is a thing that converts password into value that should be typed to login. That software can be written in a few lines of Python code. TOTP private key (password) can be stored in keychain management software like every other password. And backups can be taken if needed, including writing passwords on paper.
While I am not tried, it should be possible to calculate TOTP one time password from private key and wall clock time by hand using paper and pen without any computers at all.
This isn’t true. There are plenty of password managers that handle TOTP and synchronize the TOTP state across devices, so that if you lose access to one you still have access to TOTP. And even without that, you always get “backup codes” that you can use in the event you do lose your TOTP generator.
2 Likes
It did happen to me regardless, and telling me to employ an even more complex solution isn’t really a solution. You are just pilling more and more complexity onto a problem that shouldn’t even exist in the first place.
I’ve already been using 2FA via email with services for years, yet that somehow now isn’t enough. I am not really interested to hear more excuses of “oh its easy you just do this”.
1 Like
This is the main point that I would be in favour of keeping it. GitHub has the main advantage of discoverability and a large pool of developers and I suspect that moving to a self-hosted Gitlab or Gerrit instance would be very unpleasant for existing and new joiners already used to GitHub resulting in a large loss of contributions.
2 Likes