As the number of people contributing code grows, we've added more and more people to the github ceph org who have write access to ceph.git. Those people can merge pull requests and can also push branches directly to the repo. We also use ceph.git as a source for the test build infrastrucure (gitbuilders) to generate packages for QA or hot fixes and make check tests. This leads to an every-growing body of wip-* branches in the repo (which is annoying), and also means that in order to build something to test in QA you also get the ability to (say) push directly to master. How about we instead - create a second repo named something like ceph-ci.git (that's the best I can come up with at the moment) - add this as a second source for all gitbuilders (they can poll a list) - move all wip-* branches here - create a new github team with contributing developers who can push to this repo and are trusted not to wreak havoc on the builders - remove all the cruft from ceph.git, so that it's just master, next, the stable branches, release tags, and anything else similarly important. - restrict ceph.git write access to core developers This will improve security somewhat and reduce the risk of an accidental push to an important branch. It may also reduce the risk associated with accidental force pushes (something we've hemmed and hawed about recently) by limiting the circle of people who can write to ceph.git and also changing workflows so that it is almost never used directly... ? sage -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
