On Mon, Nov 23, 2015 at 08:02PM, Raul Kripalani wrote: > Hi Brane, > > I hadn't joined the project back then, so I don't know the history, but my > guess is that the loss of traceability might have occurred as a result of > importing the code from an external repository. I don't see why they could > be attributed to branch deletion – probably I'm not feeling creative enough > today ;-) > > The current prohibition seems to be temporary. There's was fragility in the > current scenario – since any committer could delete any Git head from the > repo, including fundamental ones which should be protected by all means: > master, develop, maintenance streams, etc. So if a dev accidentally deleted > master, and you were unlucky enough that the Git server decided to run gc > between then and the time you tried to recover from reflog, you could be > pretty screwed. Well – not so much, because presumably other devs would be > having local copies of master and could re-push them. But it's still a > hardcore vulnerability! > > In Ignite, the branches we create to implement JIRA issues originate from > our ASF Git repo itself, so traceability is feasible at all times. A > different story would be to pull from a remote repo (Github – this could be > problematic in terms of IP) into the ASF. In my opinion, Board does need to > regulate that, because using GH for pull requests may lead to some dubious > situations with regards to IP. (I can elaborate if you guys are interested > to discuss).
As far as I see, direct pulls from other repos isn't usually a case. Even if one has two remotes - one for ASF git & another for GH - and cherry-pick a commit from GH to ASF, it is traceable by the virtue of associated JIRA tickets, etc. So, yes - while a potential pain in the butt - a solvable situation. Cos > Regards, > > *Raúl Kripalani* > PMC & Committer @ Apache Ignite, Apache Camel | Integration, Big Data and > Messaging Engineer > http://about.me/raulkripalani | http://www.linkedin.com/in/raulkripalani > http://blog.raulkr.net | twitter: @raulvk
signature.asc
Description: Digital signature
