On 1/2/20 5:13 PM, Mike Gilbert wrote:
> On Thu, Jan 2, 2020 at 9:08 AM Lennart Poettering
> <lenn...@poettering.net> wrote:
>>> If possible, it would probably be wise to restrict access for pushing
>>> new branches like this.
>>
>> Hmm, how would we do that? Any suggestion? Happy to restrict that, but
>> not sure how to do that...
> 
> I thought maybe there was a setting in github for it, or maybe
> something to do with permissions?
> 
> I don't manage any multi-user github repos myself, so I don't have any
> tangible advice.

This is actually kinda hard, as there is (right now) no configuration option
to restrict creation of new branches.

In theory, we could 'abuse' branch protection rules[0] (which currently protect
the master branch against force pushes), but the branch pattern is not flexible
enough to manage that, precisely the `File.fnmatch()` function[1] it uses
internally doesn't have any negation logic to include all branches except for
`master`.

I guess we could do something like this[2], which would cover most of the branch
names, in combination with some protection rule (either 'Require pull request
reviews before merging' or 'Restrict who can push to matching branches'), but
it's not perfect.

[0] https://help.github.com/en/github/administering-a-repository/configuring-protected-branches
[1] https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch
[2] https://stackoverflow.com/questions/55053460/github-branch-name-pattern-negation/55057727#55057727

-- 
PGP Key ID: 0xFB738CE27B634E4B


_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
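
Added example, not part of the original message and not the pattern list from [2]: a Ruby sketch of how "every branch except `master`" has to be spelled out for `File.fnmatch()`, and which branch names still slip past such a set. The helper names, the pattern list and the branch names are constructed, and the `File::FNM_PATHNAME` flag is an assumption about how the patterns are evaluated.

```ruby
# Added illustration; pattern list and branch names are constructed.
# Assumption: patterns are evaluated with File::FNM_PATHNAME, so `*`
# never crosses a `/` in a branch name.
FLAGS = File::FNM_PATHNAME

# fnmatch can negate only a single character ([!x]), so "anything but
# NAME" has to be spelled out as one pattern per position where a branch
# name may diverge from NAME. Assumes NAME has no glob metacharacters.
def all_but(name)
  patterns = []
  name.each_char.with_index do |ch, i|
    prefix = name[0, i]
    patterns << prefix unless prefix.empty? # exact shorter prefix: "m", "ma", ...
    patterns << "#{prefix}[!#{ch}]*"        # differs from NAME at position i
  end
  patterns << "#{name}?*"                   # NAME followed by at least one char
end

# Branches that no pattern matches, i.e. that the rule would not apply to.
def unmatched(patterns, branches)
  branches.reject { |b| patterns.any? { |p| File.fnmatch(p, b, FLAGS) } }
end

BRANCHES = %w[master main m mast masters master-old v245-stable
              feature/login release/v1/hotfix].freeze

if __FILE__ == $PROGRAM_NAME
  flat = all_but('master')
  puts flat.join(' ')
  p unmatched(flat, BRANCHES)                     # slash-separated names are missed
  p unmatched(flat + ['*/*'], BRANCHES)           # one extra pattern per nesting level
  p unmatched(flat + ['*/*', '*/*/*'], BRANCHES)  # only master is left unmatched
end
```

Under the stated assumption, each additional level of `/` nesting in branch names needs its own pattern, so a rule set built this way covers only the depths someone thought to list.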
