The Change in PIPI's Two Factor Authentication Policy

This year PIPI is going to require everybody to use two factor authentication not the top 1% of the critical Packages. So it's so let's say you've got an open source project and there's like, you know, 20 people contributing That would be cool. But if only one of you is ever pushing to PIPI then it's just one of you unless you're doing an Or organization thing. And GitHub itself also has a two-affay requirement now. If other people are on get and not using two factor forget but they're just pushing to your repo. I think that's still fine. It doesn't matter as long as those actively interacting with PIP