You are not logged in.
Hi,
I've been converting my packages to AUR4 and I noticed that git push --force origin works.
While that was useful for me as I had committed my changes with a wrong username in my Git config, that sounds like a dangerous feature. Anybody could rewrite / delete the whole history of any AUR packages.
I found some reference to that problem in that post, but it's unclear if a decision was made about disabling forced pushes. Perhaps something to consider?
Cheers,
Nico
Offline
While that was useful for me as I had committed my changes with a wrong username in my Git config, that sounds like a dangerous feature. Anybody could rewrite / delete the whole history of any AUR packages.
Not anyone, only the people with access. Also, it has already proven useful to you, why would you want to prevent others from having the same possibilities?
Offline
Offline
It's certainly useful, I was just thinking that can also be dangerous. If we can make it safe enough there's no reason to drop it indeed.
I guess I'm unclear about what "people with access" entails?
Offline
It's certainly useful, I was just thinking that can also be dangerous. If we can make it safe enough there's no reason to drop it indeed.
I guess I'm unclear about what "people with access" entails?
All packages have "co-maintainers"; I assume random users cannot push to repos they don't maintain
Offline
Unfortunately, I pushed a package with the wrong email address.
Now it's in there, a force push would be really handy to fix that.
Offline