Pandas is a "critical" project on PyPI: people who can upload wheels to PyPI need 2FA enabled on their PyPI account. The Python project is considering requiring 2FA for all their GitHub members: https://discuss.python.org/t/new-python-organization-repository-policy/17376

How about requiring pandas members to also have 2FA set up for GitHub?

xref #44886 https://pypi.org/security-key-giveaway/

Comment From: mroeschke

I would be +1. I do understand the "requiring volunteers to incur more responsibility" argument though.

Looks like it could be enforced at the pandas-dev organization level: https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization

Might be a detail to be included in the governance docs if agreed upon. #47694

Comment From: fangchenli

@pandas-dev/pandas-core One of the tasks of the GitHub Secure Open Source Fund is to "activate MFA for all maintainers and major contributors." To meet this requirement, we should require 2FA at the org level.