RESOLVED FIXED 253354
[git-webkit] Add pre-push hook to prevent publication of security sensitive commits
https://bugs.webkit.org/show_bug.cgi?id=253354
Jonathan Bedard
Reported 2023-03-03 16:06:27 PST
We should have a pre-push hook that makes it difficult for contributors to push content we know contains security sensitive changes. We have 3 ways of knowing this:
1) The commit a user is trying to push already exists on a different remote with a higher security level than the target remote
2) The commit a user is pushing is a cherry-pick of a commit that already exists on a different remote with a higher security level than the target remote
3) The commit being pushed references a security issue.
In most circumstances, we should outright block the first case and prompt the user for cases 2 and 3. The 'git-webkit publish' workflow should prompt the user in the first case, but block cases 2 and 3.
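The decision logic described in the report above, sketched as an added example; this is not git-webkit's own code. The numeric security levels, the remote names, the sample hashes and the `flagged` lookup are assumptions, and "most circumstances" is modelled as a plain `push` workflow.

```python
import re

# Assumed security levels per remote (higher = more restricted); names are constructed.
REMOTE_LEVELS = {"origin": 0, "security": 1}
# Trailer appended to the commit message by `git cherry-pick -x`.
CHERRY_PICK = re.compile(r"\(cherry picked from commit ([0-9a-f]{40})\)")
URL = re.compile(r"https?://[^\s<>)]+")
ORDER = ["allow", "prompt", "block"]
# Action per workflow for cases 1-3, as laid out in the bug description.
POLICY = {"push": {1: "block", 2: "prompt", 3: "prompt"},
          "publish": {1: "prompt", 2: "block", 3: "block"}}


def highest_level(sha, remote_commits):
    """Highest level of any remote that already holds sha, or -1 if none does."""
    return max((REMOTE_LEVELS[r] for r, shas in remote_commits.items() if sha in shas),
               default=-1)


def cases(sha, message, target, remote_commits, is_security_issue):
    """Return the set of cases (1, 2, 3) that a single commit triggers."""
    level, hit = REMOTE_LEVELS[target], set()
    if highest_level(sha, remote_commits) > level:
        hit.add(1)
    if any(highest_level(o, remote_commits) > level for o in CHERRY_PICK.findall(message)):
        hit.add(2)
    if any(is_security_issue(u) for u in URL.findall(message)):
        hit.add(3)
    return hit


def decide(workflow, commits, target, remote_commits, is_security_issue):
    """Strictest action over every (sha, message) pair about to be pushed."""
    verdict = "allow"
    for sha, message in commits:
        for case in cases(sha, message, target, remote_commits, is_security_issue):
            verdict = max(verdict, POLICY[workflow][case], key=ORDER.index)
    return verdict


# Constructed sample data: two commits already live only on the restricted remote.
SECRET, PICKED_FROM, CLEAN = "b" * 40, "c" * 40, "d" * 40
REMOTES = {"origin": {"a" * 40}, "security": {SECRET, PICKED_FROM}}
PICK_MSG = "Fix crash\n\n(cherry picked from commit %s)" % PICKED_FROM
ISSUE_MSG = "Fix crash\nhttps://bugs.example.org/show_bug.cgi?id=1"


def flagged(url):
    """Stand-in for a bug-tracker lookup; flags only the constructed example URL."""
    return url == "https://bugs.example.org/show_bug.cgi?id=1"
```

A commit that triggers several cases gets the strictest action among them, so a `publish` of a commit that is both on the restricted remote and references a flagged issue is blocked rather than prompted.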
Radar WebKit Bug Importer
Comment 1 2023-03-03 16:06:50 PST
Jonathan Bedard
Comment 2 2023-03-03 16:38:24 PST
EWS
Comment 3 2023-03-10 13:18:30 PST
Committed 261526@main (604395a516c1): <https://commits.webkit.org/261526@main> Reviewed commits have been landed. Closing PR #11043 and removing active labels.
EWS
Comment 4 2023-03-14 10:25:51 PDT
Committed 259548.415@safari-7615-branch (16c7018215b7): <https://commits.webkit.org/259548.415@safari-7615-branch> Reviewed commits have been landed. Closing PR #456 and removing active labels.
Jonathan Bedard
Comment 5 2023-03-17 08:07:47 PDT
EWS
Comment 6 2023-03-17 08:46:34 PDT
Committed 261794@main (e52330471c00): <https://commits.webkit.org/261794@main> Reviewed commits have been landed. Closing PR #11652 and removing active labels.
EWS
Comment 7 2023-03-17 11:26:24 PDT
Committed 259548.445@safari-7615-branch (539dd07a827f): <https://commits.webkit.org/259548.445@safari-7615-branch> Reviewed commits have been landed. Closing PR #478 and removing active labels.