On Wed, May 6, 2020 at 10:24 PM Simo Sorce simo@redhat.com wrote:
Well, a way to allow force pushes would be to have a git hook that branches the tree before the force push (creating a branch named something like audit-force-push-<timestamp>). That way you can retain data for legal/auditing reasons, while allowing everyday history to be rewritten.
Wouldn't it be easier to approach this from a build system perspective and let, for example, the build system (or tools) tag the commits they were built from with some forever-living tags? This would still ensure a complete audit trail for whatever was built and shipped, but could eliminate the need for a complete lock down of dist/source-git.
Not sure how "nice" that would be for an auditor that has to reconstruct what happened over multiple force pushes that way; it will also generate quite an amount of noisy metadata (branches), but it could work.
Refs created for auditing purposes could be kept in a separate git namespace so they don't create noise in everyday workflows.
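The hook Simo describes, combined with the separate-namespace idea from the last reply, as an added example that is not code from this thread or from any project discussed in it. It is a server-side `update` hook; the `refs/audit/force-push/` namespace and the `AUDIT_NS` variable are my own choices.

```shell
#!/bin/sh
# Server-side `update` hook: git runs it as  update <refname> <oldrev> <newrev>
# before moving the ref, so the old tip is still reachable here.
# Assumption: audit refs live under refs/audit/force-push/ (a made-up namespace),
# which `git branch`, `git log --branches` and normal fetches never show.
AUDIT_NS=${AUDIT_NS:-refs/audit/force-push}
ZERO=0000000000000000000000000000000000000000

# Audit ref for a branch being rewritten, e.g.
# refs/heads/main + 20200506T222400Z -> refs/audit/force-push/20200506T222400Z/main
audit_ref_name() {
    branch=${1#refs/heads/}
    printf '%s/%s/%s\n' "$AUDIT_NS" "$2" "$branch"
}

# Succeeds when the push rewrites history: the old tip is not an ancestor of the new one.
is_force_push() {
    oldrev=$1; newrev=$2
    [ "$oldrev" = "$ZERO" ] && return 1     # branch creation, nothing to lose
    [ "$newrev" = "$ZERO" ] && return 1     # branch deletion, not a rewrite
    ! git merge-base --is-ancestor "$oldrev" "$newrev"
}

# Pin the about-to-be-discarded tip under the audit namespace; the commits stay
# reachable, so gc cannot prune them and an auditor can diff old against new.
preserve_old_tip() {
    refname=$1; oldrev=$2
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    ref=$(audit_ref_name "$refname" "$stamp")
    git update-ref -m "audit: tip of $refname before force push" "$ref" "$oldrev"
    echo "audit: kept $refname@$oldrev as $ref" >&2
}

main() {
    refname=$1; oldrev=$2; newrev=$3
    case $refname in
        refs/heads/*) ;;   # only branches; tags and audit refs pass through
        *) exit 0 ;;
    esac
    if is_force_push "$oldrev" "$newrev"; then
        preserve_old_tip "$refname" "$oldrev"
    fi
    exit 0     # never reject: force pushes stay allowed, they are just recorded
}

# git passes exactly three arguments; sourcing the file for tests passes none.
if [ $# -eq 3 ]; then main "$@"; fi
```

An auditor later lists everything that was rewritten with `git for-each-ref refs/audit/force-push/`, while everyday clones stay free of the extra refs.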