[Django] #20953: git push -f in docs needs a stern warning
Django
-------------------------------+--------------------
Reporter: EvilDMP | Owner: nobody
Type: Uncategorized | Status: new
Component: Documentation | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
https://docs.djangoproject.com/en/dev/internals/contributing/writing-code
/working-with-git/#rebasing-branches:
{{{
git push -f origin ticket_xxxxx
}}}
This should be accompanied by a note saying something like:
'''Never''' use `push -f` without specifying a remote, otherwise you may
be force-pushing changes to one or more unexpected remotes without even
realising it. If you force-push to the wrong remote, you ''will'' be
sorry.
Ways of avoiding accidents with `push -f` include:
* thinking twice and three times before using `push -f`
* never using `push -f`, and instead:
* deleting the branch on GitHub and pushing again, or:
* creating a new local branch with `git checkout -b <new-branch-name>
and pushing that
* using a password (Git with HTTPS) rather than your key (Git with SSH)
for your remotes' URLs
(perhaps there are some more elegant solutions).
--
Ticket URL: <https://code.djangoproject.com/ticket/20953>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: EvilDMP | Owner: nobody
Type: Uncategorized | Status: new
Component: Documentation | Version: master
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by mjtamlyn):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
I believe the elegant solution is to get the most up to date version of
git, or set the parameter (can't remember off the top of my head) that
will make sure that push by default only pushes the current branch.
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:1>
Django
Reporter: EvilDMP | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timo):
* type: Uncategorized => Cleanup/optimization
* stage: Unreviewed => Accepted
Comment:
See this [http://stackoverflow.com/a/948397/5112 answer from
stackoverflow].
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:2>
Django
Reporter: EvilDMP | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by EvilDMP):
It should also be possible to prevent force-pushes to Django on GitHub:
https://enterprise.github.com/help/articles/disable-force-pushes
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:3>
Django
Reporter: EvilDMP | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by mjtamlyn):
That is a piece of functionality in github enterprise, I don't think it
can be done on normal github.
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:4>
Django
Reporter: EvilDMP | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by EvilDMP):
Where the Working with Git docs say things like: `git remote add upstream
g...@github.com:django/django.git` this should say instead: `git remote add
upstream https://github.com/django/django`.
This isn't ''always'' read-only in the way that GitHub's now-deprecated
`git://` URLs are, but at least it requires a password, even if you have
write-access to the repository, when pushing.
Then of course the `git push -f` section in the docs needs a note with the
stern warnings mentioned above, and a mention of alternatives to `push
-f`.
(It's actually possible to delete a remote's push URL to prevent pushing,
but this is probably beyond the scope of this document.)
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:5>
Django
Reporter: EvilDMP | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by mjtamlyn):
I disagree. I do not want to encourage people to have to know their github
password well enough to type it regularly. HTTPS methods are largely there
to provide more help for people who ''can't'' use SSH - not as a better
alternative.
I think adding a section about the git functionality could be useful, but
mainly just '''never force push'''!
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:6>
Django
Reporter: EvilDMP | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by EvilDMP):
People who ''do'' want to push ''should'' use SSH. This is for people who
''don't'' want to find themselves pushing inadvertently, as I did last
week.
It's true that there will be a very small number of people who find
themselves in my position - with write access, and just enough knowledge
to be dangerous - but even one is quite enough.
I've been through a certain amount of discussion on #git and #github, and
even conversations with GitHub support about the deprecated 'git://'
format, and using HTTPS rather than SSH does seem to be regarded as an
acceptable way of putting up a barrier for oneself to accidental pushing.
But if that's not a good solution, and the documentation should no longer
say to use `push -f` after squashing, what ''should`` it say?
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:7>
Django
Reporter: EvilDMP | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by mjtamlyn):
Well there's no alternative to force pushing your squashed changes. Really
the only good solution here IMO is to document (for now) the improved git
options, and perhaps increase the warning.
Anyway, it's a very small edge case - it's not happened often and one
learns the lesson pretty quickly! The category of people with push access
who don't want to push to github is a pretty small category.
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:8>
Django
Reporter: EvilDMP | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by akaariai):
Hmmh, git has a pre-push hook as of 1.8.2. I am not sure if this could be
used to disable force-push, but this is worth exploring. I don't have
1.8.2 available on this machine, so I can't test this just now.
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:9>
Django
Reporter: EvilDMP | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by akaariai):
It seems the attached pre-push script can be used to prevent force pushing
(and accidental pushing/deletion of upstream branches, too). Requirements
are:
1) git 1.8.2 or later
2) change the pre-push variable django_origin to your django/django's
remote name (for me, upstream).
3) place the pre-push script (with that name) to .git/hooks/
**Do not test this against django/django.** This is a quick hack, so I
don't trust it enough for that. You can however test it against your own
github branches by changing the django_origin name.
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:10>
Django
Reporter: EvilDMP | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by anubhav9042):
Can't we just use:
{{{git push origin ticket_xxxxx --force}}}
I think that will not create any problem of not finding remote as we are
adding {{{--force}}} at the end.
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:11>
Django
Reporter: EvilDMP | Owner: nobody
Type: Cleanup/optimization | Status: closed
Component: Documentation | Version: master
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timo):
* status: new => closed
* resolution: => wontfix
Comment:
I don't think we need to get into the ramifications of force pushing as
these docs are aimed at contributors who won't be able to push to Django
anyway.
--
Ticket URL: <https://code.djangoproject.com/ticket/20953#comment:12>