Julia packages organizations question

When I’m searching for packages on JuliaHub I see a lot of “Julia” authors like JuliaMaths, JuliaPlots, JuliaGraphs and so on.

Are they “official” organizations?
Does a list with all those organizations exists?

Thank you

Here is a list of all the organizations: Julia GitHub Organizations

Aside from those in the “Julia” category, all the other organizations are very ad hoc. They have organically arisen from mutual interest groups within the Julia community.

Does that help answer the question @Renan_Rabelo?

2 Likes

Yes! Thank you

1 Like

Some of the groups are administered by core developers. They usually also have pretty high security standards in that everyone with permisisons in those groups needs to have two factor authentication enabled. Permissions are also granular.

That said, anyone can create a group with Julia in the name. They can also create an organization and then abandon it.

FWIW, 2FA is mostly just a risk and PITA when passwords are used properly (with a password manager).

It turns out that Microsoft started forcing all Github users to use 2FA, though, so soon there’ll be no way around it on Github:

This really depends on the password manager, how one uses it, and the second factor. The problem with the password approach is that you still actually transmit the password itself across the network. If someone can manage to intercept that then they gain access.

SMS as a second factor is a huge problem. I would even argue that anything smartphone based, at least as a single factor, is problematic.

Most of us are quite familiar with public-private key authentication via SSH. We should work towards doing more of that. Hardware keys such as a Titan Key or a Yubikey provide a path in this direction.

The unencrypted git:// protocol was disabled on Github a few years ago already. Or did you have something else in mind?

I meant logging into Github’s web interface via HTTPS. You might argue that this is an encrypted connection, but it’s relative easy to socially engineer a password out of someone under the right conditions.

I’ve even seen antivirus software that installs its own root certificates in your browser, forces all encrypted traffic throught it’s proxy, and then forwards it on. This was done in the name of security, but obviously this just creates a new security hole.

Overall, I think we are probably heading towards FIDO2 based authentication becoming more ubiquitous.

https://fidoalliance.org/fido2/