This was extracted (@ 2025-03-19 23:10) from a list of minutes
which have been approved by the Board.
Please Note
The Board typically approves the minutes of the previous meeting at the
beginning of every Board meeting; therefore, the list below does not
normally contain details from the minutes of the most recent Board meeting.
WARNING: these pages may omit some original contents of the minutes.
Meeting times vary, the exact schedule is available to ASF Members and Officers, search for "calendar" in the Foundation's private index page (svn:foundation/private-index.html).
MFA is widely understood to be critical to security, with the CISA recommending it be enabled for any internet-facing application https://www.cisa.gov/sites/default/files/publications/MFA-Fact-Sheet-Jan22-508.pdf Within the ASF, those who would implement MFA have paused on the assertion that the foundation does not currently collect enough information to handle MFA reset requests, which makes enforcing MFA itself problematic. This is complicated by the reality that the team that would implement MFA (Infra) is not in charge of the data collection (Secretary), and the workflow and tooling that the Secretary uses today is likely insufficient at managing refreshing contact information for use in an MFA flow. This agenda item is to discuss and agree on a path forward, such as: - The board confirming that this is a desired capability to build - Identifying existing offices and officers who need to define policy or create tooling requirements - Prioritizing the implementation of that tooling against other proposed tooling The board reviewed this and agrees with the security team recommendations.