Add 2FA and require it for extension developers
The recent account hijack of the author of the Snowy extension got me thinking about the security of GNOME extensions delivery for users. I know there is moderation of changes at EGO, but I also think it would be much safer to require 2FA for extension developers.