Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[eclipse.org-committers] Announcement: disabling force-push on the main branch for projects hosted on GitHub

Dear Committers,

As part of our ongoing commitment to help you with strengthening the security and integrity of your projects, we've recently implemented measures like enforcing two-factor authentication (2FA) and enabled self-service options. Today, we're introducing another important change: we will disable force-push on main branches across all repositories of projects hosted on GitHub.

Force-pushing allows the commit history of a repository to be rewritten, which can pose a security risk. It can obscure the tracking of changes, making it difficult to maintain a clear audit trail and potentially hiding unauthorized modifications. By disabling force-push on main branches, we aim to:

  • Protect code integrity: ensuring that the commit history remains consistent and tamper-proof.
  • Enhance auditing capabilities: making it easier to track changes and review the evolution of the codebase.
  • Support team collaboration: preventing accidental overwrites or loss of work, and encouraging best practices like pull requests and code reviews.

This aligns our GitHub repositories with the standards already in place for projects hosted on our GitLab instance at https://gitlab.eclipse.org/, where force-push is disabled by default.

This change will take effect on 20 November 2024. Please adjust your workflows accordingly before this date.

You may need to modify your development practices to accommodate this change. Instead of force-pushing to the main branch, consider working within feature branches and merging changes through pull requests. This approach not only preserves the integrity of the commit history but also fosters better collaboration and code quality through peer reviews.

We understand that this may require some adjustments, and we're here to support you during this transition. If you have any questions or concerns, or if a special situation arises where force-pushing to the main branch is necessary, please feel free to join the discussion and let us know or open a support ticket on the Eclipse Foundation help desk.

Thank you for your understanding and cooperation as we continue to improve our development processes.

Kind regards,

Mikaël Barbero on behalf of the Eclipse Foundation Security Team
Head of Security | Eclipse Foundation
🐦 @mikbarbero
📅 Book an appointment
Eclipse Foundation: The Community for Open Innovation and Collaboration


Back to the top