Am Do., 9. Jan. 2020 um 06:46 Uhr schrieb Mike Banon mikebdp2@gmail.com:
It would be nice if the deleted commits get moved to some archive outside of Gerrit instead of being simply removed, to ensure that if anyone else is interested in these commits, they could be restored.
That's not easily done and I guess there are higher priority issues we need to deal with in our infrastructure.
That said, there's https://mail.coreboot.org/hyperkitty/list/coreboot-gerrit@coreboot.org/ which contains a full set of changes that you can download as an mbox mail archive containing the patches, and you can subscribe to get future changes sent to your mail server.
In example, if your Gerrit gets hacked, or simply forgot to log out on
another PC and someone malicious removed a few changes, there should be a guaranteed way to restore them.
If Gerrit gets hacked, the hacker could just as well do the removal for good. To deal with such a threat, we need to rely on separate infrastructure. To deal with critical events, we have nightly backups of the server's data stored on multiple separate machines (in a different location), keeping the latest few weeks around. Therefore as long as issues are discovered reasonably quickly, we can recover things that were kept on our infrastructure for more than 24 hours.
As for the threat of somebody abusing an open session, we restrict the lifetime of a gerrit session to guard against that, but we can't make it so short that it annoys active developers.
Patrick