-
Notifications
You must be signed in to change notification settings - Fork 578
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Limit push access to LTS staging branches to backport team #199
Comments
In my experience people pushing to the wrong branches is nearly always a mistake, anything that makes it harder for me to accidentally push to the wrong branch SGTM. |
I call for a more radical solution: clone into a separate repo.
|
Intensely annoying for code archeology, something I do a lot. |
That seems like it'll make everything much more complicated for no obvious benefit. If we limit access to the branch then if you push to it by mistake it'll just be rejected, and you'll realise your mistake. That seems like the ideal way to do it. Having a separate repo loses us many of the benefits of Git, it means you need two clones of Node (doubles your disk usage), and that you can no longer just
Protecting the branches should allow equally fine-grained access control?
You mean for the clone? Yeah sure, it's only slightly more complicated for that, but that's something you do once. In terms of backporting it will make it much more complex. EDIT: In fact what would probably happen is everyone would just have |
Think about it again.
I agree that archaeology is very useful, I use is allot as well to try and figure out what led to a certain solution.
No, you probably already use "two" remote repos, your fork, and the upstream one? it's just a matter of where you target your push/pull
Exactly! except not "everyone" will have these two, only people who do backporting. And it will allow better management for issues/PRs and a better focused notification audience. |
Another benefit I tought of:
What I've seen in places that did this sort of split was a conceptual change in the way the devs thought. When it's unnecessary An example nodejs/node#12580: whatever the eventual solution will be, IMHO this is a |
This ties in with my thoughts that we should invest in |
Is it the number of branches that makes git take a long time? I thought it was the
Everyone who commits into master should (hopefully) backport it to the relevant release lines if there is a merge conflict, so realistically most contributors will need both (so you won't get much
The whole backporting/release process is designed to minimise differences between versions, and to minimise mental load about which commits are where. Where possible we change things in master, and where possible we backport to all active release lines. When it's time for a new release we can just branch from
I think nodejs/node#12580 is something that's relevant to Node 8 as much as Node 7. |
For
The point is that most of the things should not be backported. Main use-case for
I think this is the crux of the matter; I'd like to see more difference between versions 😉. More innovation in |
Most Node.js development is
You'd like to see more The point of |
Anyway, splitting into multiple repos is orthogonal to this, so probably worth discussing in a separate issue. |
I'm a huge -1 on a new repo. Distributed nature of git aside it is project history, and it belongs in the repo. I believe that outstanding questions tangential to the private branches can be discussed in other issues. I think we should decide as a WG that we want to vote on this in tomorrows meeting. Assuming we vote to move forward we should bring to ctc Wednesday. |
As an outsider I think I'm +1 on limited access branches |
I'm +1 to limiting access to the staging and release LTS branches to the LTS WG. (that said, if we're goiing to pursue this, we should formalize the LTS WG... and I'm thinking it makes sense to formally attach it to the Release team in some way...) |
I'm +1 to limiting as well. |
@nodejs/lts has agreed to move forward with this. @nodejs/ctc can you please chime in here if you have any objections |
Sounds like a good idea to me. |
What to do upgrading openssl-1.0.2 for security fix against lts staging branches in the future? |
@shigeki We would open a PR targeting a lts-staging branch if there was a security fix (or any kind of fix) that applied to an LTS release but did not apply to master. |
@MylesBorins when sec fixes like nodejs/node@cae9eb35f0 are made, they seem to get pushed directly to LTS release branches (not even going through the lts-staging branch). @gibfahn pointed out to me in side-channel that may be @shigeki's concern. I don't know the process there. I think perhaps both the backport team and the release team may need push access? Or perhaps the CTC should get push access? Then again, 4 members of the LTS WG/backporting team (at least) are on the security team so can land security patches on LTS branches easily (James, Myles, Michael, and myself, as is Anna). And all CTC members have the ability to override permissions in any github.com/nodejs/ repo, so I don't think protecting the branches will prevent anything that needs doing, or even slow it down. |
@sam-github your final point summates my thoughts. I say lets move forward with the plan the way it is and augment if we find things are slowing down or blocked |
Thanks for clarification. I agree with trying to start a PR based process in such cases. |
no objections from CTC backporting team created FWIW Organization and repository administrators can still push |
This came up in the first backport team meeting. One way that we can be sure of the health of the staging branch is to make sure only backport-team is pushing to it.
Any objections?
The text was updated successfully, but these errors were encountered: