On Wed, May 6, 2020 at 10:24 PM Simo Sorce <simo(a)redhat.com> wrote:
Well, a way to allow force pushes would be to have a git hook that
branches the tree before the force push. (creating a branch named
something like audit-force-push-<timestamp>)
That way you can retain data for legal/auditing reasons, while allowing
every day history to be rewritten.
Wouldn't it be easier to approach this from a build system perspective
and let for example the build system (or tools) tag the commits which
were built from with some for-ever-living tags? This would still
ensure a complete audit trail for whatever was built and shipped, but
could eliminate the need for a complete lock down of dist/source-git.
Not sure how "nice" that would be for an auditor that has to
reconstruct what happened over multiple force pushes that way, it also
will generate quite an amount of noisy metadata (branches), but it
could work.
Refs created for auditing purposes could be kept in a separate git
namespace so they don't create noise in everyday workflows.
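The hook sketched above, written out as an added example (not code from this thread): a pre-receive hook that snapshots a branch's old tip before a non-fast-forward update or a branch deletion rewrites it, placing the snapshot under a separate refs/audit/ namespace (an assumed name) so it stays out of everyday branch listings. It assumes it is installed as hooks/pre-receive in the bare server repository.

```shell
#!/bin/sh
# Added example: preserve the pre-rewrite tip of a branch for auditing.
# Installed as hooks/pre-receive, git feeds "old new refname" lines on stdin
# before any ref is updated, so the old tip is still reachable here.
ZERO=0000000000000000000000000000000000000000

# audit_update OLD NEW REFNAME
# Runs inside the bare repository. Always returns 0 so the push proceeds;
# prints the audit ref it created, if any (nothing for fast-forwards).
audit_update() {
    old=$1 new=$2 ref=$3
    case "$ref" in refs/heads/*) ;; *) return 0 ;; esac   # branches only
    [ "$old" = "$ZERO" ] && return 0                      # creation: nothing lost
    if [ "$new" != "$ZERO" ] && git merge-base --is-ancestor "$old" "$new"; then
        return 0                                          # fast-forward: history kept
    fi
    branch=${ref#refs/heads/}
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    audit_ref="refs/audit/force-push-$stamp-$branch"      # assumed namespace
    n=0                                                    # two rewrites in one second
    while git show-ref --verify --quiet "$audit_ref"; do
        n=$((n + 1)); audit_ref="refs/audit/force-push-$stamp-$branch-$n"
    done
    git update-ref -m "audit: preserve $ref before rewrite" "$audit_ref" "$old"
    echo "$audit_ref"
}

# Hook entry point: only when git runs this file as the pre-receive hook.
if [ "$(basename "$0")" = "pre-receive" ]; then
    while read -r old new ref; do
        audit_update "$old" "$new" "$ref" >&2
    done
fi
```

Because pre-receive sees every ref update in one push, a single `git push --force --all` still yields one audit ref per rewritten branch, and `git for-each-ref refs/audit/` lists them without touching normal branches.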