A majority vote of the current board members is required for the following matter.

Proposal:

Votes:

Board Member 1.
Josh Andler a
Tavmjong Bah a
Ted Gould d
Martin Owens a
Marc Jeanmougin a
Chris Rogers a

Resolution:

The Inkscape PLC has authorized the reimbursement of up to 2k$ for security keys for contributors asking for it.

Background:

Some contributors have, or need to have, access to social media accounts to post on the behalf of the project, or to infrastructure accounts, most importantly gitlab. For computer security, we would like to protect those accesses with a safe 2FA method, and the safest method to avoid impersonation and phishing attacks is a 2FA hardware token with FIDO2 or U2F. Then we would be able to set a policy to enforce 2fa when contributors need access to passwords that would be shared on nextcloud, or to contributors with “owner” access to gitlab projects.

The most common such token is the Yubikey (45€/$ a piece+10 tax+5shipping) but there are equivalents with open hardware component and open source software (e.g. solokeys at 35€/$ incl. tax +5€ shipping, or nitrokey ). As for the amount of people, the vectors team has around 10-15 people with some level of access to passwords of the project, 4 people do not have 2FA and have “owner” access to the whole gitlab project, + 2 “maintainer” access to inkscape/inkscape (and more in other sub-projects). We also have the possibility to offer it to all regular contributors for whom it would be useful.

It is yet to be seen whether we could have a discount by asking, or if there is a way to pay for the whole order and get a single reimbursement instead of reimbursing individual contributors

Note: On resolution, CC:

[email protected], [email protected], [email protected]