Open marcelamelara opened 7 months ago
I may have been too hasty! At some point in the future, GitHub should have a "click here to move your branch protection settings to rulesets" button. Unless someone wants to pick this up sooner than later, I think it'll be less work if we wait for the button.
I like the EASY button
Cheers,
CRob Director of Security Communications Intel Product Assurance and Security
Book time with Robinson, Christopher @.***?anonymous&ep=pcard>
From: Zach Steindler @.> Sent: Tuesday, February 20, 2024 9:56 AM To: ossf/tac @.> Cc: Subscribed @.***> Subject: Re: [ossf/tac] Migrate from branch protection to rulesets? (Issue #255)
I may have been too hasty! At some point in the future, GitHub should have a "click here to move your branch protection settings to rulesets" button. Unless someone wants to pick this up sooner than later, I think it'll be less work if we wait for the button.
— Reply to this email directly, view it on GitHubhttps://github.com/ossf/tac/issues/255#issuecomment-1954393865, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AQRFDLGW3VLBJA7NXKZBK4LYUS2QNAVCNFSM6AAAAABC2VMQROVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNJUGM4TGOBWGU. You are receiving this because you are subscribed to this thread.Message ID: @.**@.>>
Is this a duplicate of 333 and can be closed out in this issue?
One problem is that branch protection is easily verified, and Scorecard does this. Rulesets aren't. I didn't see an argument for the switch - why should we switch?
Notes from TAC call where this was discussed:
We're currently using branch protection settings for PRs, but we could also consider migrating from branch protection to rulesets (https://github.com/ossf/tac/settings/rules).
Originally posted by @steiza in https://github.com/ossf/tac/pull/252#pullrequestreview-1844136802