Re: [systemd-devel] Random branch in github.com/systemd/systemd

2020-01-02 Thread František Šumšal
On 1/2/20 5:13 PM, Mike Gilbert wrote:
> On Thu, Jan 2, 2020 at 9:08 AM Lennart Poettering wrote:
>>> If possible, it would probably be wise to restrict access for pushing
>>> new branches like this.
>>
>> Hmm, how would we do that? Any suggestion? Happy to restrict that, but
>> not sure how to do that...
> 
> I thought maybe there was a setting in github for it, or maybe
> something to do with permissions?
> 
> I don't manage any multi-user github repos myself, so I don't have any
> tangible advice.

This is actually kinda hard, as there is (right now) no configuration option
to restrict creation of new branches.

In theory, we could 'abuse' branch protection rules[0] (which currently protect
the master branch against force pushes), but the branch pattern is not flexible
enough to manage that, precisely the `File.fnmatch()` function[1] it uses
internally doesn't have any negation logic to include all branches except for
`master`.

I guess we could do something like this[2], which would cover most of the branch
names, in combination with some protection rule (either 'Require pull request
reviews before merging' or 'Restrict who can push to matching branches'), but
it's not perfect.

[0] https://help.github.com/en/github/administering-a-repository/configuring-protected-branches
[1] https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch
[2] https://stackoverflow.com/questions/55053460/github-branch-name-pattern-negation/55057727#55057727

-- 
PGP Key ID: 0xFB738CE27B634E4B

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
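
The pattern-set idea from the message above, as an added example that is not part of the original thread and not GitHub's code: since `File.fnmatch` cannot negate a whole pattern, per-character `[^x]` classes are combined so that every name except `master` matches some rule. The helper names `patterns_excluding` and `covered?` are hypothetical, the sample branch names are constructed (apart from the one named in the thread), and the `File::FNM_PATHNAME` case is an assumption about how the patterns are evaluated.

```ruby
# Added example (not from the thread): cover every branch name except one
# with File.fnmatch patterns, using only per-character negation.

SAFE_NAME = /\A[A-Za-z0-9._-]+\z/ # assumption: no glob metacharacters or '/'

# Hypothetical helper: patterns that together match any name other than `name`.
def patterns_excluding(name)
  raise ArgumentError, "unsupported branch name: #{name.inspect}" unless name.match?(SAFE_NAME)

  patterns = []
  name.each_char.with_index do |ch, i|
    prefix = name[0, i]
    # Same first i characters, different character at position i.
    patterns << "#{prefix}[^#{ch}]*"
    # Proper, non-empty prefixes of the excluded name ("m", "ma", ...).
    patterns << prefix unless prefix.empty?
  end
  # Anything that starts with the excluded name and keeps going.
  patterns << "#{name}?*"
  patterns
end

# Hypothetical helper: would any rule pattern apply to this branch?
def covered?(branch, patterns, flags = 0)
  patterns.any? { |pattern| File.fnmatch(pattern, branch, flags) }
end

if __FILE__ == $PROGRAM_NAME
  rules = patterns_excluding("master")
  puts rules
  # Constructed sample names, plus the branch named in the thread.
  %w[master main mast master-next msekletar-security-list-process feature/x].each do |b|
    plain    = covered?(b, rules)
    pathname = covered?(b, rules, File::FNM_PATHNAME)
    puts format("%-34s plain=%-5s FNM_PATHNAME=%s", b, plain, pathname)
  end
end
```

With `File::FNM_PATHNAME` set, `*` stops at `/`, so names such as `feature/x` fall outside this set and would need further patterns.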


Re: [systemd-devel] Random branch in github.com/systemd/systemd

2020-01-02 Thread Mike Gilbert
On Thu, Jan 2, 2020 at 9:08 AM Lennart Poettering wrote:
> > If possible, it would probably be wise to restrict access for pushing
> > new branches like this.
>
> Hmm, how would we do that? Any suggestion? Happy to restrict that, but
> not sure how to do that...

I thought maybe there was a setting in github for it, or maybe
something to do with permissions?

I don't manage any multi-user github repos myself, so I don't have any
tangible advice.


Re: [systemd-devel] Random branch in github.com/systemd/systemd

2020-01-02 Thread Lennart Poettering
On So, 29.12.19 14:59, Mike Gilbert (flop...@gentoo.org) wrote:

> It looks like a branch called "msekletar-security-list-process" was
> pushed to the official systemd github repo earlier this month. This
> branch probably belongs in msekletar's personal fork instead.
>
> https://github.com/systemd/systemd/branches

Indeed. Deleted now.

> If possible, it would probably be wise to restrict access for pushing
> new branches like this.

Hmm, how would we do that? Any suggestion? Happy to restrict that, but
not sure how to do that...

Lennart

--
Lennart Poettering, Berlin


[systemd-devel] Random branch in github.com/systemd/systemd

2019-12-29 Thread Mike Gilbert
It looks like a branch called "msekletar-security-list-process" was
pushed to the official systemd github repo earlier this month. This
branch probably belongs in msekletar's personal fork instead.

https://github.com/systemd/systemd/branches

If possible, it would probably be wise to restrict access for pushing
new branches like this.