Nice catch, Patrick. I used this feature long ago [1], but as the Gerrit guidelines note, we can now mark patches as WIP in the UI or just put [DONOTSUBMIT] in the summary line if a patch isn't ready for review. Furthermore, these days it's very easy to set up one's own git repo and access controls using services such as GitHub, GitLab, etc.
IMO it's best to keep the feature disabled so that people don't make wrong assumptions.
[1] https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/message/XT25...
On Thu, Nov 11, 2021 at 3:05 PM Patrick Georgi via coreboot <coreboot@coreboot.org> wrote:
Hi everybody,
it came to my attention that changes marked "private" on Gerrit are hidden in the UI but easily accessible through gitiles and with "git fetch".
I don't think it matters for most cases, but since we advertised it as being accessible for the owner and individual reviewers, I didn't want to keep things exposed, especially not after there's an announcement that such access is possible (as through this email). Therefore I:
- disabled the "private" CL feature in the Gerrit UI, so you can't mark changes as private
- created per-account git bundles[1] of their private CLs. Since I don't want to spam a few hundred users with stuff they might not care about, this is a pull transaction: if you want them, reach out to me.
- removed the private commits and references from the coreboot.git repo.
You might still see the changes in the UI but that's due to its aggressive caching: The UI actually honors the private flag, so that's not a concern and all other means of accessing commits access the repo and will fail on these now-gone commits.
https://review.coreboot.org/c/coreboot/+/59229 also proposes updating the docs to remove mentions of the "private change" feature.
As an alternative we could also decide to re-enable the feature but with documentation pointing out that there are ways for motivated unauthenticated users to access these commits, which makes them more of a structuring feature (keep things out of sight until they're ready). In that case I could also reinstate the commits I deleted from the repo.
Thoughts?
Best regards, Patrick
[1] https://git-scm.com/docs/git-bundle