Change in coreboot[master]: Documentation: Add warning about "private" changes on Gerrit - coreboot-gerrit

22 Nov 2021

Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/59229 )
Change subject: Documentation: Add warning about "private" changes on Gerrit
......................................................................
Documentation: Add warning about "private" changes on Gerrit
Private changes on Gerrit are a tricky beast in that they're well hidden
in the UI and a few other places but still reachable under certain
circumstances.
Change-Id: I1c8c6cccfd023bc1d839dc5d9544204c88f89c7e
Signed-off-by: Patrick Georgi pgeorgi@google.com
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59229
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by:  Felix Singer felixsinger@posteo.net
---
M Documentation/getting_started/gerrit_guidelines.md
M Documentation/tutorial/part2.md
2 files changed, 7 insertions(+), 3 deletions(-)
Approvals:
  build bot (Jenkins): Verified
   Felix Singer: Looks good to me, approved

diff --git a/Documentation/getting_started/gerrit_guidelines.md b/Documentation/getting_started/gerrit_guidelines.md
index 8c91615..68b5cc4 100644
--- a/Documentation/getting_started/gerrit_guidelines.md
+++ b/Documentation/getting_started/gerrit_guidelines.md
@@ -193,8 +193,10 @@
 * When pushing patches that are not for submission, these should be marked
 as such. This can be done in the title ‘[DONOTSUBMIT]’, or can be pushed as
 private changes, so that only explicitly added reviewers will see them. These
-sorts of patches are frequently posted as ideas or RFCs for the community
-to look at. To push a private change, use the command:
+sorts of patches are frequently posted as ideas or RFCs for the community to
+look at. Note that private changes can still be fetched from Gerrit by anybody
+who knows their commit ID, so don't use this for sensitive changes. To push
+a private change, use the command:
         git push origin HEAD:refs/for/master%private
* Multiple push options can be combined:
diff --git a/Documentation/tutorial/part2.md b/Documentation/tutorial/part2.md
index 4ac8574..964057e 100644
--- a/Documentation/tutorial/part2.md
+++ b/Documentation/tutorial/part2.md
@@ -173,7 +173,9 @@
 coreboot.org. **Note:** To submit as a private patch, use
 `git push origin HEAD:refs/for/master%private`. Submitting as a private patch
 means that your commit will be on review.coreboot.org, but is only visible to
-yourself and those you add as reviewers.
+yourself and those you add as reviewers. This mode isn't perfect: Somebody who
+knows the commit ID can still fetch the change and everything it refers (e.g.
+parent commits).
This has been a quick primer on how to submit a change to Gerrit for review
 using git. You may wish to review the [Gerrit code review workflow
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/59229
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I1c8c6cccfd023bc1d839dc5d9544204c88f89c7e
Gerrit-Change-Number: 59229
Gerrit-PatchSet: 3
Gerrit-Owner: Patrick Georgi patrick@coreboot.org
Gerrit-Reviewer:  Felix Singer felixsinger@posteo.net
Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com
Gerrit-Reviewer: Patrick Georgi patrick@coreboot.org
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-MessageType: merged



    