>> I protected the "master" branch in GitHub so it should be impossible to push data directly.
Sounds good, although in some cases (conflicts, etc.) it is much easier to do the merge locally and push to master than using GitHub merge.
We are using groups for the freeopcua project and there the rules I am applying are simply:
1) Do not push to master (but sometimes I do it to fix quick bugs)
2) Someone other than the pull request author merges
It has worked very well. Reviewing a patch usually only takes a few minutes.
I propose to use something similar here:
1) Do not push directly to master (only for merging)
2) If a group member disagrees => wait
3) After 48 hours, if 2 group members approve the request => merge
4) After one week, if 1 group member approves the request => merge
5) Simple bug fixes can be merged directly