yes, we should check what we can, not only what we want given what we want vote is only on the minimal step, I'm +1 but eager on seeing how we can implement it (without going more aggressive)
for next steps, seing what we can will be a strong prerequisite on voting on it Regards, Hervé On 2025/08/05 13:16:31 Konrad Windszus wrote: > Hi Sandra, > AFAIK only prevent force push is evaluated by Gitbox. Do you have any > reference about the branch deletion part? > I am not against it, just highlighting that you can bypass it. > > Thanks, > Konrad > > > On 5. Aug 2025, at 13:45, Sandra Parsick <san...@parsick.dev> wrote: > > > > As discussed in a previous thread, it makes sense from a supply chain > > security perspective to introduce the following branch protection rules to > > all Maven repositories: > > > > - Prevent force push > > - Prevent branch deletion > > > > It will be enabled by .asf.yaml to ensure that the same branch protection > > rules are used for Gitbox and GitHub. > > > > It will be enabled for all default and maintenance branches. > > > > > > Tasks to do: > > - Check every Maven repository has .asf.yaml > > - Enabling above-mentioned branch protection rules in all Maven > > repositories via .asf.yaml > > > > > > If the vote passes, I will take care of it. > > > > > > Vote open for at least 72 hours. > > > > [ ] +1 > > [ ] +0 > > [ ] -1 > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > > For additional commands, e-mail: dev-h...@maven.apache.org > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
