Approval encourage another person review and tend to avoid missed commit to ship in releases, nothing more. Now ack that to work it requires a list of trusted reviewers and not get it open to everyone.
Romain Manni-Bucau @rmannibucau <https://x.com/rmannibucau> | .NET Blog <https://dotnetbirdie.github.io/> | Blog <https://rmannibucau.github.io/> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book <https://www.packtpub.com/en-us/product/java-ee-8-high-performance-9781788473064> Javaccino founder (Java/.NET service - contact via linkedin) Le sam. 16 mai 2026, 19:33, Guillaume Nodet <[email protected]> a écrit : > Approval does not give any guarantee. Anyone can impersonate someone else, > it’s just about changing the author in your git config. > If we want a bit more guarantee, we need to require signed commits. > > > ------------------------ > Guillaume Nodet > > > Le sam. 16 mai 2026 à 14:02, Elliotte Rusty Harold <[email protected]> a > écrit : > > > On Fri, May 15, 2026 at 2:41 PM Slawomir Jaranowski > > <[email protected]> wrote: > > > > > > Hi, > > > > > > From me also -1 > > > > > > Agree with Tamás > > > > > > and more: > > > - release process and tool are not ready - if I'm misses about it, > > > please try do release first in new way without write to default > > > branch, next we can talk > > > > Legitimate, but if this is a blocker we need to fix this. We can > > deprioritize other work if necessary to move the release tool forward. > > > > > - I can create a fake account on on GitHub and switching between it - > > > one for create PR and one for approve > > > > No, I don't think you can. You'd need another committer account to > > approve. If that's not true and any account can approve, then we need > > to fix that. > > > > > - we have a vote process where artifact and commits are checked > > > before publishing > > > - you can check reproducible build during vote > > > > That doesn't help at all. It just proves the malicious commit is > > reproducible. > > > > > - we have protected branches so force push with history override is > > disabled, > > > - all commits are logged on public ML > > > > Necessary but not sufficient. We need defense in depth. This is only > > one of several mitigations we need to take. > > > > -- > > Elliotte Rusty Harold > > [email protected] > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > >
