-
Notifications
You must be signed in to change notification settings - Fork 359
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rename master
branches?
#312
Comments
I think it'd be a good idea to introduce a new branch that's specifically intended to be consumed by (automated) tooling as soon as possible, and then wait until github has actually settled on a new name and adopt that one. Picking Something we could also consider to phase out old clients is a dummy branch that has "dummy" advisories for common crates with instructions on how to upgrade the rustsec client. |
As it were, there's already a first-class mechanism for filing informational advisories against https://github.com/RustSec/cargo-audit/blob/783f221/src/auditor.rs#L178-L199 |
I'm a soft vote for waiting to see if a consensus emerges on what the right
replacement name is, and if github or git upstream makes a change. It'd be
frustrating to switch and then need to switch again.
…On Sun, Jun 21, 2020 at 6:02 PM Tony Arcieri ***@***.***> wrote:
Something we could also consider to phase out old clients is a dummy
branch that has "dummy" advisories for common crates with instructions on
how to upgrade the rustsec client.
As it were, there's already a first-class mechanism for filing
informational advisories against cargo-audit/rustsec specifically for
alerting for these sorts of breaking changes:
https://github.com/RustSec/cargo-audit/blob/783f221/src/auditor.rs#L178-L199
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#312 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBE4X7JZ2TSY4Z34ZDDRXZ7OTANCNFSM4OEAN2GA>
.
--
All that is necessary for evil to succeed is for good people to do nothing.
|
If you don't mind my asking, why is it important that a particular repository have its default branch have the default name for a default branch? I admit I don't maintain anything as important as this (maybe there are issues I'd see if I did), but, the few times I've bothered to translate my preference for being explicit about how stable or under-development the "master" branch is meant to be into actually giving it a different name, it never caused problems (except once, briefly, when I forgot to point GitHub at the new branch). |
From a muscle memory perspective, it's nice if you aren't constantly switching default branch names between projects. |
Yeah, I'm someone who contributes to dozens of projects between work and OSS, some commonality of my workflow is highly valued. |
GitHub has renamed the default branch to "main": |
The 'master' branch has been renamed to 'main' per: #312 However older clients are still consuming the 'master' branch. This commit adds a GitHub Actions job which mirrors the 'main' branch to 'master' to continue supporting these older clients.
The 'master' branch has been renamed to 'main' per: #312 However older clients are still consuming the 'master' branch. This commit adds a GitHub Actions job which mirrors the 'main' branch to 'master' to continue supporting these older clients.
The default branches of all repos in the RustSec org have now been renamed to The |
In the wake of recent events, several developers have chosen to rename the "master" branches on their projects, and GitHub has announced they will be changing the default branch name as well (although they haven't announced to what). It seems like "main", "develop", and "trunk" are all popular options.
Should we consider doing the same?
While it's pretty easy to rename the default branch of code repositories associated with this project, doing the same for
advisory-db
is trickier as therustsec
crate and everything that uses it includingcargo-audit
andcargo-deny
all directly consume the https://github.com/RustSec/advisory-db git repository. What's particularly troublesome is that the git refs for the master branch are presently hardcoded:https://github.com/RustSec/rustsec-crate/blob/42e8d16/src/repository.rs#L25-L29
This means we need to do a phased approach where we pick a new branch name, update clients with the new branch name, and then phase out the "master" branch some time after clients have upgraded.
All that said, in general I think the
advisory-db
repo could benefit from using a two-branch model where work on preparing advisories happens on one branch, and when it's complete they are published to a second branch which is what clients of theadvisory-db
actually consume.Setting aside for a moment what to rename the first branch too, I'm thinking would make sense to have a branch with a name like "live" or "published" for
advisory-db
clients to consume.There's an open PR (#311) to add a GitHub Action to assign advisory IDs. This seems like a good place to automatically update the "live"/"published" branch.
The text was updated successfully, but these errors were encountered: