You are not logged in.

Pages: 1

#1 2015-06-09 10:14:15

nguillaumin
Member
Registered: 2015-06-09
Posts: 4

Should AUR4 reject forced pushes?

Hi,

I've been converting my packages to AUR4 and I noticed that git push --force origin works.

While that was useful for me roll as I had committed my changes with a wrong username in my Git config, that sounds like a dangerous feature. Anybody could rewrite / delete the whole history of any AUR packages.

I found some reference to that problem in that post, but it's unclear if a decision was made about disabling forced pushes. Perhaps something to consider?

Cheers,

Nico

Offline

#2 2015-06-09 10:19:59

Spider.007
Member
Registered: 2004-06-20
Posts: 1,175

Re: Should AUR4 reject forced pushes?

nguillaumin wrote:

While that was useful for me roll as I had committed my changes with a wrong username in my Git config, that sounds like a dangerous feature. Anybody could rewrite / delete the whole history of any AUR packages.

Not anyone, only the people with access. Also, it has already proven useful to you, why would you want to prevent others from having the same possibilities?

Offline

#3 2015-06-09 10:31:20

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,396
Website

Re: Should AUR4 reject forced pushes?

It is disabled now.

PGP Key: F99FFE0FEAE999BD

Offline

#4 2015-06-09 10:32:35

nguillaumin
Member
Registered: 2015-06-09
Posts: 4

Re: Should AUR4 reject forced pushes?

It's certainly useful, I was just thinking that can also be dangerous. If we can make it safe enough there's no reason to drop it indeed.

I guess I'm unclear about what "people with access" entails?

Offline

#5 2015-06-09 10:37:36

Spider.007
Member
Registered: 2004-06-20
Posts: 1,175

Re: Should AUR4 reject forced pushes?

nguillaumin wrote:

It's certainly useful, I was just thinking that can also be dangerous. If we can make it safe enough there's no reason to drop it indeed.

I guess I'm unclear about what "people with access" entails?

All packages have "co-maintainers"; I assume random users cannot push to repos they don't maintain

Offline

#6 2015-06-16 08:56:36

steabert
Member
Registered: 2011-04-18
Posts: 78

Re: Should AUR4 reject forced pushes?

Unfortunately, I pushed a package with the wrong email address.
Now it's in there, a force push would be really handy to fix that.

Offline

Pages: 1

Board footer

Powered by FluxBB