https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/
I'm very keen to turn this on ASAP for the Wikimedia organisation. Although we don't use GitHub as our primary distribution service, things like this keep happening elsewhere. It could very easily happen to us, and then someone uploads something questionable that some unsuspecting user downloads and installs...
Does anyone have any objections?
I'm happy to re-add people after they have re-added 2FA if they are already a member/admin etc