mozilla / testpilot

Test Pilot is a platform for performing controlled tests of new product concepts in Firefox
https://testpilot.firefox.com/

Set protected status on production branch #4036

Open moz-hwine opened 5 years ago

moz-hwine commented 5 years ago

The production branch on this repository is not protected against force pushes. This setting is recommended as part of Mozilla's Guidelines for a Sensitive Repository.

Anyone with admin permissions for this repository can correct the setting using this URL.

If you have any questions, or believe this issue was opened in error, please contact us and mention SOGH001-0 and this repository.

Thank you for your prompt attention to this issue. --Firefox Security Operations team

moz-hwine commented 5 years ago

The production branch on this repository is no longer protected against force pushes. This setting is recommended as part of Mozilla's Guidelines for a Sensitive Repository.

Branch protection had been configured previously for this repository, so you may want to check how the setting became unchecked.

Anyone with admin permissions for this repository can correct the setting using this URL.

If you have any questions, or believe this issue was opened in error, please contact us and mention SOGH002-2 and this repository.

Thank you for your prompt attention to this issue. --Firefox Security Operations team

lmorchard commented 5 years ago

Two things on this:

  1. We use force-pushes to the production branch to deploy specific commits
  2. This project is ending, so we will probably be archiving the repository in the next month or two

hwine commented 5 years ago

This setting does not prevent force pushes. It only disables them from the GUI.

You can achieve the same effect without force pushes. See this approach.

Expect a few more automated addons to this bug, until the repo is archived.

moz-hwine commented 5 years ago

Hello! This is your neighborhood secops team still looking out for you!

The production branch on this repository is still not protected against force pushes. If the repository's production branches are not set as the GitHub default, please fill out this form.

If you have any questions, or believe this issue was opened in error, please contact us and mention SOGH001-2 and this repository.

Thank you for your prompt attention to this issue. --Firefox Operations Security team
