From 3926228a5d4e654c49d23a618a07668e91a4de02 Mon Sep 17 00:00:00 2001 From: "agable@chromium.org" Date: Wed, 19 Mar 2014 21:07:38 +0000 Subject: [PATCH] Remove force push from GitCheckout.commit() The CQ should not be able to force push -- this allows it to wipe out legitimate commits if something goes wrong internally. This happened recently, with a CQ commit orphaning 20 commits from the previous few days. This may have happened any number of times previously, probably only wiping out one commit at a time, whenever there was a race between the CQ and a developer's direct commit+push. Repositories should also protect themselves by disallowing force push in their ACLs. BUG=261619 Review URL: https://codereview.chromium.org/196573041 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@258092 0039d316-1c4b-4281-b951-d872f2087c98 --- checkout.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checkout.py b/checkout.py index 1c9c63874..141bf2584 100644 --- a/checkout.py +++ b/checkout.py @@ -749,7 +749,7 @@ class GitCheckout(CheckoutBase): # Push to the remote repository. self._check_call_git( ['push', 'origin', '%s:%s' % (self.working_branch, self.remote_branch), - '--force', '--quiet']) + '--quiet']) # Get the revision after the push. revision = self._get_head_commit_hash() # Switch back to the remote_branch and sync it.