www-infrastructure-issues mailing list archives

From "Rohit Yadav (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (INFRA-8228) Disable git force push on CloudStack repositories (at least)
Date Tue, 26 Aug 2014 17:25:59 GMT

    [ https://issues.apache.org/jira/browse/INFRA-8228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14110982#comment-14110982 ]

Rohit Yadav commented on INFRA-8228:

Hi [~jfarrell],

So, first of all I would like to avoid any situation like the Jenkins project had:

With recent security concerns around the world, backdoors in open source software etc., I thought
it makes sense to not allow anyone to force push on any repo's master and at least release branches.
I understand it will be difficult to identify or maintain a list of release branches, so I think
it's a good way to not allow force push on any branches on the repo (IMO if people want to
rebase/force push, they should use their own git repos/forks on GitHub etc.). This would be
a good way to maintain integrity of git repo history. I also think we should do it for all
Apache repositories unless there is a good reason?

I don't know if it is necessary to have a vote or decision about this, so please advise? I can
request again after a discussion with the community. But then does that mean any committer can
do a "force push" (AFAIK there is no document either on the wiki or the bylaw that states
that we cannot force push, please correct me if there is any)?

> Disable git force push on CloudStack repositories (at least)
> ------------------------------------------------------------
>                 Key: INFRA-8228
>                 URL: https://issues.apache.org/jira/browse/INFRA-8228
>             Project: Infrastructure
>          Issue Type: Bug
>          Components: Git
>            Reporter: Rohit Yadav
>            Assignee: Jake Farrell
>            Priority: Critical
> Right now on CloudStack project repos, a committer can do a git force push on all branches
> (did not check for master or release branches). Tested on a test branch and force push was
> successful on repo: https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=heads
> The repo's git hooks should ideally drop all force push events, please add/improve git
> hook of the repos to not allow force push on at least master and release branches (such as
> 4.1, 4.2, 4.3 in CloudStack's case).

This message was sent by Atlassian JIRA
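
One way to write the hook the issue description asks for, as an added example (not part of the original message and not the ASF's actual hook): a server-side `update` hook that rejects non-fast-forward pushes and branch deletions on protected branches. The branch patterns are an assumed policy modelled on the master and 4.1/4.2/4.3 names mentioned above.

```shell
#!/bin/sh
# Added example: server-side "update" hook. Git runs it once per pushed ref as
#   update <refname> <oldrev> <newrev>
# and rejects that ref if the hook exits non-zero.

# An all-zero object id means "ref does not exist" (create or delete).
is_zero() {
    case "$1" in *[!0]*) return 1 ;; esac
    return 0
}

# Assumed policy: master, plus branches named like releases (4.1, 4.2, 4.3).
is_protected() {
    case "$1" in
        refs/heads/master) return 0 ;;
        refs/heads/[0-9]*.[0-9]*) return 0 ;;
    esac
    return 1
}

# Returns 0 to accept the update, 1 to reject it.
check_update() {
    ref=$1; old=$2; new=$3
    is_protected "$ref" || return 0        # other branches stay unrestricted
    if is_zero "$new"; then
        echo "rejected: deleting $ref is not allowed" >&2
        return 1
    fi
    if is_zero "$old"; then
        return 0                           # new branch, no history to rewrite
    fi
    # A fast-forward keeps the old tip as an ancestor of the new tip.
    if git merge-base --is-ancestor "$old" "$new"; then
        return 0
    fi
    echo "rejected: non-fast-forward (force) push to $ref" >&2
    return 1
}

# Act as a hook only when git supplies the three arguments.
if [ "$#" -eq 3 ]; then
    check_update "$@"
    exit $?
fi
```

To block force pushes on every branch instead, as the comment proposes, git's `receive.denyNonFastForwards` and `receive.denyDeletes` settings on the server repository do that without a hook.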