We should have a pre-push hook that makes it difficult for contributors to push content we know contains security sensative changes. We have 3 ways of knowing this: 1) The commit a user is trying to push already exists on a different remote with a higher secuirty level than the target remote 2) The commit a user is pushing is a cherry-pick of a commit that already exists on a different remote with a higher security level than the target remote 3) The commit being pushed references a security issue. In most circumstances, we should outright block the first case and prompt the user for cases 2 and 3. The 'git-webkit publish' workflow should prompt the user in the first case, but block cases 2 and 3.
<rdar://problem/106216593>
Pull request: https://github.com/WebKit/WebKit/pull/11043
Committed 261526@main (604395a516c1): <https://commits.webkit.org/261526@main> Reviewed commits have been landed. Closing PR #11043 and removing active labels.
Committed 259548.415@safari-7615-branch (16c7018215b7): <https://commits.webkit.org/259548.415@safari-7615-branch> Reviewed commits have been landed. Closing PR #456 and removing active labels.
Re-opening for pull request https://github.com/WebKit/WebKit/pull/11652
Committed 261794@main (e52330471c00): <https://commits.webkit.org/261794@main> Reviewed commits have been landed. Closing PR #11652 and removing active labels.
Committed 259548.445@safari-7615-branch (539dd07a827f): <https://commits.webkit.org/259548.445@safari-7615-branch> Reviewed commits have been landed. Closing PR #478 and removing active labels.