Thanks for highlighting it.
I have asked the ASF infra Team [1] and they confirmed that both rules
are synced if we are using .asf.yaml.
[1] https://the-asf.slack.com/archives/CBX4TSBQ8/p1754468118813779
Am 05.08.25 um 15:16 schrieb Konrad Windszus:
Hi Sandra,
AFAIK only prevent force push is evaluated by Gitbox. Do you have any reference
about the branch deletion part?
I am not against it, just highlighting that you can bypass it.
Thanks,
Konrad
On 5. Aug 2025, at 13:45, Sandra Parsick <san...@parsick.dev> wrote:
As discussed in a previous thread, it makes sense from a supply chain security
perspective to introduce the following branch protection rules to all Maven
repositories:
- Prevent force push
- Prevent branch deletion
It will be enabled by .asf.yaml to ensure that the same branch protection rules
are used for Gitbox and GitHub.
It will be enabled for all default and maintenance branches.
Tasks to do:
- Check every Maven repository has .asf.yaml
- Enabling above-mentioned branch protection rules in all Maven repositories
via .asf.yaml
If the vote passes, I will take care of it.
Vote open for at least 72 hours.
[ ] +1
[ ] +0
[ ] -1
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
