Hi Ben & OpenAMP TSC members,
During today's OpenAMP System Reference call, the question came up about defining GitHub main branch security policies. Bill mentioned that Ben had some thoughts on low-hanging fruit in this area, so starting up a thread on this topic.
Please let us know your recommendations.
Thanks & regards, Nathalie
P.S. Thanks to Bill for getting the OpenAMP GitHub organization upgraded to team level!
Hi all,
Discussion during today's OpenAMP System Reference call led to this proposal:
* Disable force push on main branch. If it is ever needed, the repo owner can enable it for making a specific fix & then disable it again.
* Change main branch via pull requests only
* We will not restrict rebase of patches (on any branch) b/c GitHub pipeline automatic rebase is useful when you're merging multiple PRs in a row. GitHub will warn you about lexicographical conflicts.
Please let us know by EOD 6th Feb 2024 if you have any concerns/objections.
Thanks & regards, Nathalie
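Added example, not part of the original thread and not OpenAMP project code: a check of the first two proposal items against the JSON that GitHub's REST API returns for `GET /repos/{owner}/{repo}/branches/main/protection`. It assumes classic branch protection rules (not rulesets); the repository names and sample responses are constructed.

```python
import json

# Constructed sample responses, keyed by hypothetical repository name.
# Shape follows GET /repos/{owner}/{repo}/branches/main/protection;
# null stands for a 404 (no protection rule on the branch).
SAMPLES = json.loads("""
{
  "repo-a": {"allow_force_pushes": {"enabled": false},
             "enforce_admins": {"enabled": true},
             "required_pull_request_reviews": {"required_approving_review_count": 1}},
  "repo-b": {"allow_force_pushes": {"enabled": true},
             "enforce_admins": {"enabled": false}},
  "repo-c": null
}
""")

def audit_protection(protection):
    """Return findings for one branch; an empty list means it matches the proposal."""
    if protection is None:
        return ["FAIL: no protection rule, force push and direct push are possible"]
    findings = []
    # Proposal item 1: force push disabled on main.
    if protection.get("allow_force_pushes", {}).get("enabled", False):
        findings.append("FAIL: force push is enabled")
    # Proposal item 2: main changes via pull requests only. The API omits
    # required_pull_request_reviews when that rule is switched off.
    if "required_pull_request_reviews" not in protection:
        findings.append("FAIL: pull requests are not required")
    # With enforce_admins off, repository admins are exempt from the rule.
    elif not protection.get("enforce_admins", {}).get("enabled", False):
        findings.append("WARN: admins can bypass the pull request requirement")
    return findings

def audit_all(samples):
    """Map each repository name to its list of findings."""
    return {repo: audit_protection(p) for repo, p in samples.items()}

if __name__ == "__main__":
    for repo, findings in audit_all(SAMPLES).items():
        print(repo, "OK" if not findings else "; ".join(findings))
```

The rebase item of the proposal is deliberately not checked here, since the proposal leaves rebasing unrestricted.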
From: Chan King Choy, Nathalie via Tsc <tsc@lists.openampproject.org>
Sent: Thursday, January 11, 2024 4:37 PM
To: Levinsky, Ben <ben.levinsky@amd.com>; OpenAMP TSC (tsc@lists.openampproject.org) <tsc@lists.openampproject.org>
Subject: [OA-Tsc] Defining OpenAMP GitHub main branch security policies