<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@dalias" class="u-url mention">@<span>dalias</span></a></span> <span class="h-card" translate="no"><a href="https://orbital.horse/@emma" class="u-url mention">@<span>emma</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@mcc" class="u-url mention">@<span>mcc</span></a></span> I am happy to have a debate over the ethics of github, specifically, requiring MFA is a good idea, or PyPI for that matter, my main point here was really just that *some* scenarios that exist where higher security is required, and in those scenarios it is OK to exclude people who cannot meet those requirements. which scenarios meet that bar is a separate discussion and not one we need to resolve concurrently :)</p>