On 1/2/20 5:13 PM, Mike Gilbert wrote:
> On Thu, Jan 2, 2020 at 9:08 AM Lennart Poettering
> <lenn...@poettering.net> wrote:
>>> If possible, it would probably be wise to restrict access for pushing
>>> new branches like this.
>> Hmm, how would we do that? Any suggestion? Happy to restrict that, but
>> not sure how to do that...
> I thought maybe there was a setting in github for it, or maybe
> something to do with permissions?
> I don't manage any multi-user github repos myself, so I don't have any
> tangible advice.

This is actually kinda hard, as there is (right now) no configuration option
to restrict creation of new branches.

In theory, we could 'abuse' branch protection rules[0] (which currently protect
the master branch against force pushes), but the branch pattern is not flexible
enough to manage that, precisely the `File.fnmatch()` function[1] it uses 
doesn't have any negation logic to include all branches except for `master`.

I guess we could do something like this[2], which would cover most of the branch
names, in combination with some protection rule (either 'Require pull request 
reviews before merging' or 'Restrict who can push to matching branches'), but
it's not perfect.

[1] https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch

PGP Key ID: 0xFB738CE27B634E4B

Attachment: signature.asc
Description: OpenPGP digital signature

systemd-devel mailing list

Reply via email to