Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-enable auto-merge for modifications #30

Open
politician opened this issue Feb 20, 2022 · 4 comments
Open

Re-enable auto-merge for modifications #30

politician opened this issue Feb 20, 2022 · 4 comments

Comments

@politician
Copy link
Member

politician commented Feb 20, 2022
edited

Following @rmetzler's proof that relying on an unverified git committer (and author) is inherently not secure, I have disabled the auto-merge functionality for modifying records.

Some food for thoughts for re-enabling it:

  • Inspect the PR info given to GitHub actions see if there's something useful there (eg. the github username?)
  • Only accept modifications from signed commits
  • ???
This was referenced Apr 3, 2022
Merged
Open
@ArtieFuzzz ArtieFuzzz mentioned this issue May 21, 2022
Closed
This was referenced May 24, 2022
Merged
Closed
@ArtieFuzzz ArtieFuzzz mentioned this issue May 28, 2022
Merged
@ArtieFuzzz ArtieFuzzz mentioned this issue Jun 13, 2022
Closed
@ArtieFuzzz
Copy link
Collaborator

ArtieFuzzz commented Jul 7, 2022
edited

Enabling Branch Protection and enabling the Require signed commits rule could work.

Just found this today.

To enable:

Settings > Branches > Add branch protection rule

  • Input branch name or a branch name pattern
  • Check the Require signed commits rule
  • Create

@ArtieFuzzz ArtieFuzzz mentioned this issue Jul 19, 2022
Closed
@ArtieFuzzz ArtieFuzzz mentioned this issue Sep 12, 2022
Closed
@ArtieFuzzz ArtieFuzzz mentioned this issue Sep 26, 2022
Open
This was referenced Nov 29, 2022
Closed
Open
@py660
Copy link
Contributor

py660 commented Mar 10, 2023

@politician could you change the nameservers on chess.cluster.ws to the afraid.org nameservers?

@akuwebhost
Copy link
Contributor

akuwebhost commented Apr 8, 2023
edited

@politician help me change "my.wip.la" to [ns1.desec.io, ns2.desec.org]
change ns PR #818
register PR last time #753

~Thank you in advance

@py660
Copy link
Contributor

py660 commented Apr 10, 2023

Signed commits could work so that the GH Actions program checks for either a modification of one line, OR a modification of many lines but all belonging to the same committer, but then this might increase confusion for people who use their email and their noreply@github email interchangeably. Such a change would probably take a couple months to a whole year, depending on the amount of activity present on this repository.

@dornkholland dornkholland mentioned this issue May 7, 2023
Open
This was referenced Mar 28, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@akuwebhost @politician @ArtieFuzzz @py660