www-infrastructure-issues mailing list archives

From "Rohit Yadav (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (INFRA-8228) Disable git force push on CloudStack repositories (at least)
Date Tue, 26 Aug 2014 17:25:59 GMT

    [ https://issues.apache.org/jira/browse/INFRA-8228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14110982#comment-14110982 ]

Rohit Yadav commented on INFRA-8228:
------------------------------------

Hi [~jfarrell],

So, first of all I would like to avoid any situation like the Jenkins project had:
https://groups.google.com/forum/#!searchin/jenkinsci-dev/force$20push/jenkinsci-dev/-myjRIPcVwU/mrwn8VkyXagJ

With recent security concerns around the world, backdoors in open source software etc., I thought
it makes sense to not allow anyone to force push on any repo's master and at least release branches.
I understand it will be difficult to identify or maintain a list of release branches so I think
it's a good way to not allow force push on any branches on the repo (IMO if people want to
rebase/force push, they should use their own git repos/forks on github etc.). This would be
a good way to maintain integrity of git repo history. I also think we should do it for all
Apache repositories unless there is a good reason?

I don't know if it is necessary to have a vote or decision about this so please advise? I can
request again after a discussion with the community. But then does that mean any committer can
do a "force push" (AFAIK there is no document either on the wiki or the bylaws that states
that we cannot force push, please correct me if there is any)?


> Disable git force push on CloudStack repositories (at least)
> ------------------------------------------------------------
>
>                 Key: INFRA-8228
>                 URL: https://issues.apache.org/jira/browse/INFRA-8228
>             Project: Infrastructure
>          Issue Type: Bug
>          Components: Git
>            Reporter: Rohit Yadav
>            Assignee: Jake Farrell
>            Priority: Critical
>
> Right now on CloudStack project repos, a committer can do a git force push on all branches
> (did not check for master or release branches). Tested on a test branch and force push was
> successful on repo: https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=heads
> The repo's git hooks should ideally drop all force push events, please add/improve git
> hook of the repos to not allow force push on at least master and release branches (such as
> 4.1, 4.2, 4.3 in CloudStack's case).



--
This message was sent by Atlassian JIRA
(v6.2#6252)
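
The kind of hook the issue description asks for, as an added example (not part of the original message and not ASF infrastructure's actual hook): a server-side pre-receive hook that rejects non-fast-forward updates and deletions on protected branches. The protected-branch pattern (master plus numeric names such as 4.1) and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-receive hook that blocks history rewrites on protected branches.
# Assumption: protected = master plus numeric release branches (4.1, 4.2, 4.3 ...).

# True when the object id is all zeros (git's marker for "ref does not exist").
is_null() { case "$1" in *[!0]*) return 1 ;; esac; return 0; }

# True when the ref is one of the protected branches.
is_protected() {
    case "$1" in
        refs/heads/master|refs/heads/[0-9]*.[0-9]*) return 0 ;;
    esac
    return 1
}

# Decide on one ref update; returns 1 (reject) with a reason on stderr.
check_update() {
    old=$1 new=$2 ref=$3
    is_protected "$ref" || return 0
    if is_null "$new"; then
        echo "rejected: deleting $ref is not allowed" >&2
        return 1
    fi
    is_null "$old" && return 0        # branch creation: no history to rewrite
    # A fast-forward keeps the old tip as an ancestor of the new tip.
    # Any other outcome (including a git error) is rejected, so the hook fails closed.
    if ! git merge-base --is-ancestor "$old" "$new" 2>/dev/null; then
        echo "rejected: non-fast-forward (force) push to $ref" >&2
        return 1
    fi
    return 0
}

# git writes one "<old> <new> <ref>" line per updated ref to the hook's stdin.
run_hook() {
    status=0
    while read -r old new ref; do
        check_update "$old" "$new" "$ref" || status=1
    done
    return "$status"
}

# Run only when installed as hooks/pre-receive, so the functions can be sourced and tested.
case "$0" in
    */pre-receive|pre-receive) run_hook; exit $? ;;
esac
```

To refuse every non-fast-forward push and ref deletion across a whole repository, git's own `receive.denyNonFastForwards` and `receive.denyDeletes` settings do so without a hook.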
