On Wed, May 6, 2020 at 10:24 PM Simo Sorce <simo@xxxxxxxxxx> wrote:
> Well, a way to allow force pushes would be to have a git hook that
> branches the tree before the force push. (creating a branch named
> something like audit-force-push-<timestamp>)
> That way you can retain data for legal/auditing reasons, while allowing
> every day history to be rewritten.

Wouldn't it be easier to approach this from a build system perspective and let for example the build system (or tools) tag the commits which were built from with some for-ever-living tags? This would still ensure a complete audit trail for whatever was built and shipped, but could eliminate the need for a complete lock down of dist/source-git.

> Not sure how "nice" that would be for an auditor that has to
> reconstruct what happened over multiple force pushes that way, it also
> will generate quite an amount of noisy metadata (branches), but it
> could work.

Refs created for auditing purposes could be kept in a separate git namespace so they don't create noise in everyday workflows.
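
The hook idea discussed in this message, as an added example that is not part of the original thread and not Fedora's or dist-git's own tooling: a server-side `update` hook that pins the old tip under a separate ref hierarchy before a non-fast-forward update or a deletion goes through. The `refs/audit/force-push/` layout, the timestamp format and the function names are assumptions.

```shell
#!/bin/sh
# Server-side "update" hook sketch (added example, not Fedora's tooling).
# Git invokes the update hook as: update <refname> <old-sha> <new-sha>
# Assumed layout: refs/audit/force-push/<UTC timestamp>/<ref minus "refs/">

is_null_sha() {
    # An all-zero object id means "no such ref" (SHA-1 or SHA-256 length).
    case "$1" in *[!0]*) return 1 ;; *) return 0 ;; esac
}

audit_update() {
    ref=$1 old=$2 new=$3

    # Pushes may never create, move or delete refs in the audit hierarchy.
    case "$ref" in refs/audit/*)
        echo "audit: $ref is read-only" >&2; return 1 ;;
    esac

    # Branch creation: there is no previous tip that could be lost.
    if is_null_sha "$old"; then return 0; fi

    # Fast-forward: the old tip stays reachable from the new one.
    if ! is_null_sha "$new" && git merge-base --is-ancestor "$old" "$new"; then
        return 0
    fi

    # Rewrite or deletion: pin the old tip before the ref moves.
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    audit="refs/audit/force-push/$stamp/${ref#refs/}"

    # An empty <oldvalue> makes update-ref create-only, so an existing audit
    # ref is never overwritten; if pinning fails, the push is rejected.
    if ! git update-ref -m "pre-rewrite tip of $ref" "$audit" "$old" ""; then
        echo "audit: could not record $old, rejecting update of $ref" >&2
        return 1
    fi
    echo "audit: old tip of $ref kept at $audit" >&2
}

# Run only when installed as hooks/update; sourcing just defines functions.
if [ "${0##*/}" = update ]; then
    audit_update "$@"
fi
```

The `update` hook is used rather than `pre-receive` because Git rejects ref updates made from inside `pre-receive` while the pushed objects are still quarantined. Refs outside `refs/heads/` and `refs/tags/` are not fetched by a default clone, which keeps them out of everyday workflows.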