I am in favor of this in general because anyone that's been a developer for any length of time understands code reviews are a good thing. It helps to catch mistakes and is always good to get a second pair of eyes on a commit. There really isn't any time where you would need to directly push. The only time it's a bit annoying is for small fixes or updates but that's not a huge deal to ping someone for an approval.
I also like the workflow because it means we never miss documenting a change and it will get included in the release notes. With no more Jira, we can just open up PRs now and those PRs become the issue. While we always have an option to create a separate GitHub Issue, just using the PR to document the change is nice. I also think that it's informative and very telling that it's been 3 months and none of the active contributors using the workflow have complained about it, so I think everyone is pretty happy with how it's gone so far. One thing I noticed is that the 5.19.x and 6.2.x branches do not require approval (you can just create a PR and immediately push). I think we should be consistent and for all active branches that we care about we should require approval. On Tue, Apr 14, 2026 at 1:36 PM Jean-Baptiste Onofré <[email protected]> wrote: > > Hi > > No you can manipulate everything via gh pr CLI (going via the github API). > I rarely use the github web ui (mostly using gh cli). > > I think that signed commits is a separate discussion, I like it. > > Regards > JB > > Le mar. 14 avr. 2026 à 19:28, Matt Pavlovich <[email protected]> a écrit : > > > Does this require the merge to be done via the Web UI? My only concern > > there is that means that those merge commits cannot be signed. > > > > I feel we should be working towards signed commits by author for a > > stronger supply chain security posture. > > > > Thanks, > > Matt > > > > > On Apr 14, 2026, at 12:17 PM, Jean-Baptiste Onofré <[email protected]> > > wrote: > > > > > > Hi everyone, > > > > > > Branch protection was enabled on the main branch on January 10, and > > > subsequently applied to the activemq-6.2.x and activemq-5.19.x branches > > on > > > February 19. > > > > > > As this impacts all contributors, this is a topic we should have > > discussed > > > collectively. I apologize for not bringing it to the list sooner. > > > > > > You can view the current configuration here: > > > https://github.com/apache/activemq/blob/main/.asf.yaml#L40 > > > > > > Under this configuration: > > > > > > 1. Direct pushes are no longer permitted (including via GitBox). All > > > changes must go through a PR. > > > 2. Every PR requires at least one approval to be merged. > > > > > > The goals of these changes are to: > > > > > > 1. Increase overall quality through peer reviews. > > > 2. Foster better collaboration. > > > 3. Improve the onboarding experience for new contributors via guidance > > and > > > feedback. > > > 4. Ensure CI validation before merging (which was previously disabled due > > > to flaky tests). > > > > > > I recognize this represents a shift in our workflow, specifically because > > > direct pushes are restricted and even minor changes now require a PR. For > > > rare cases where a direct push is necessary (such as updating build > > > contexts in .asf.yaml), we can coordinate with Infra to temporarily relax > > > these protections. > > > > > > Personally, after three months of using this workflow, I have seen many > > > positive results. However, if you have concerns, please share your > > comments > > > so we can discuss whether to adjust or disable these settings. > > > > > > Thanks > > > Regards, > > > JB > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > For further information, visit: https://activemq.apache.org/contact > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information, visit: https://activemq.apache.org/contact
