This repository has been archived by the owner on Mar 7, 2023. It is now read-only.
Suggest enabling branch protection for this repository #14
Labels
management
Not a discussion or task
I would like to suggest that we enable branch protection for the main branch of this repository such that nobody is able to push directly to main but all commits must flow through a PR-based workflow. This does add a small amount of 'overhead' to some operations. For example I saw a punctuation mistake just now and was tempted to push a fix through directly ... but given the nature of this group I believe it would be better if we kept everything more visible. Pushing directly to main without a PR step has one major downside: invisibility. Yes there is a paper trail and the change is there for all to see — but only if you look for it. Forcing a PR workflow adds notifications into the loop. People that choose to "watch" this repository will get either notifications on-site or by email (per their own configuration). Perhaps nobody cares, but I would appreciate this transparency and I think others might too.
As such I propose adding branch protection, disabling force push, and requiring a PR workflow to merge to main, including for administrators.
Secondarily (and agreeing to the first part of this does not imply agreeing to this part) I also suggest that the PR workflow require 1 approving review for merger. This is much less important in my view than the first step, but I think we probably have enough eyes and involvement here for this to be a very low overhead way to make sure 2 eyeballs actually get on any change that goes through.
Do note that this is not a security measure as the current administrators still have access to unilaterally disable these 'protections', they just have to willfully change the settings or access them dodging big red buttons that say "Yes use my admin privileges to force this operation". This proposal just firmly nudges everybody towards a more public workflow.
Please voice support or objections to these two proposals separately as the first would still allow repository administrators to unilaterally push changes through on as fast a timeline as they wanted, it would just mean interested parties got notified; the second would potentially slow the process down by requiring a second person to sign off on everything.