Andreas Enge <[email protected]> writes: > In this case, by accident we ended up with a commit on HEAD of master > that was not properly signed (more precisely, for which the key was not > properly added to the keyring branch). So it lacked authentication, > and the (almost only, but certainly most reasonable) way of obtaining > authenticated checkouts again was forcefully removing it.
Thank you for clarifying! > It stayed on master only very shortly, but maybe we should in such a > case nevertheless make an official announcement on the devel list? Couldn't a git push hook have prevented this? Or always push to 'main' and then some robot merges things to 'master' if things verify. What is the end-user situation when this happen? What is the recovery process? Maybe that is worth documenting somewhere, since I suspect this may happen again (for justifiable reasons). /Simon
signature.asc
Description: PGP signature
