Hello,

It is our intention to make our Gitlab instance the canonical source for
aports. In order to ensure the integrity of aports, we are going to
require everyone with push access to alpine/aports to setup 2FA[0]. 

This can either be done through TOTP, or additionally with your favorite
U2F capable token.

Cases like the [Gentoo security incident] make it clear that we need to
Be pro-active in our security procedures.

We will enable this for everyone who has push access to aports. Once we
switch to Gitlab as cannonical source, it will no longer be possible for
these members to login without setting up a 2nd factor.

Let us know if you have any questions or remarks.

The Alpine Team

[0]: https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html
[1]: https://wiki.gentoo.org/wiki/Project:Infrastructure/Incident_Reports/2018-06-28_Github