Learn more about these different git repos.
Other Git URLs
Describe the issue It seems that pushes to master branches of modules were disabled recently as pointed out in #9976. Nevertheless, I don't think this was properly communicated, because this leaves the master modules in somewhat zombie state. E.g. it seems that security folks still reports [issues|https://bugzilla.redhat.com/show_bug.cgi?id=1960175] against the master module while maintainers cannot touch it. This should be properly addressed. All the master branches should be probably retired if they are not accessible
master
When do you need this? (YYYY/MM/DD)
When is this no longer needed or useful? (YYYY/MM/DD)
If we cannot complete your request, what is the impact?
We didn't retire master branch in module since it is associated to stream name. But this config disallows pushes to master branch.
@pingou Can you make that config not applicable to modules namespace?
modules
Metadata Update from @mohanboddu: - Issue tagged with: medium-gain, medium-trouble, ops
On a somewhat related note, issue #8887 was opened about 20 months ago to retire obsolete f26, f27, and f28 stream branches. That issue remains open.
f26
f27
f28
@pingou ping. To fix or close the above security issue ticket, I want to see the master branch will be retired, dropping the shipped modules.
Note that pingou is out on leave right now. :)
Metadata Update from @humaton: - Issue assigned to humaton
Moving refs/heads/master from BLACKLIST_RES to UNSPECIFIED_BLACKLIST_RES may just fix this.
refs/heads/master
BLACKLIST_RES
UNSPECIFIED_BLACKLIST_RES
In this list PDC is taken into account, so if PDC is active for that branch, pushing is allowed. If PDC is inactive/doesn't have this branch, then pushing is not allowed.
Worth double-checking in stg first though
I pushed the change to staging, lets try it out there and if everything is looking good, I will move it to prod.
https://pagure.io/fedora-infra/ansible/c/d731413fc51bfb79357b3fb62691d41a7da0c5b1?branch=main
Login to comment on this ticket.