From 2c89d08d7eff7007b4ef48aa333085d20cd74bb9 Mon Sep 17 00:00:00 2001 From: Patrick Georgi Date: Thu, 11 Nov 2021 21:50:05 +0000 Subject: [PATCH] Documentation: Add warning about "private" changes on Gerrit Private changes on Gerrit are a tricky beast in that they're well hidden in the UI and a few other places but still reachable under certain circumstances. Change-Id: I1c8c6cccfd023bc1d839dc5d9544204c88f89c7e Signed-off-by: Patrick Georgi Reviewed-on: https://review.coreboot.org/c/coreboot/+/59229 Tested-by: build bot (Jenkins) Reviewed-by: Felix Singer --- Documentation/getting_started/gerrit_guidelines.md | 6 ++++-- Documentation/tutorial/part2.md | 4 +++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Documentation/getting_started/gerrit_guidelines.md b/Documentation/getting_started/gerrit_guidelines.md index 8c91615604..68b5cc43c0 100644 --- a/Documentation/getting_started/gerrit_guidelines.md +++ b/Documentation/getting_started/gerrit_guidelines.md @@ -193,8 +193,10 @@ the wip flag: * When pushing patches that are not for submission, these should be marked as such. This can be done in the title ‘[DONOTSUBMIT]’, or can be pushed as private changes, so that only explicitly added reviewers will see them. These -sorts of patches are frequently posted as ideas or RFCs for the community -to look at. To push a private change, use the command: +sorts of patches are frequently posted as ideas or RFCs for the community to +look at. Note that private changes can still be fetched from Gerrit by anybody +who knows their commit ID, so don't use this for sensitive changes. To push +a private change, use the command: git push origin HEAD:refs/for/master%private * Multiple push options can be combined: diff --git a/Documentation/tutorial/part2.md b/Documentation/tutorial/part2.md index 4ac857473d..964057e7ec 100644 --- a/Documentation/tutorial/part2.md +++ b/Documentation/tutorial/part2.md @@ -173,7 +173,9 @@ When you are done with your commit, run `git push` to push your commit to coreboot.org. **Note:** To submit as a private patch, use `git push origin HEAD:refs/for/master%private`. Submitting as a private patch means that your commit will be on review.coreboot.org, but is only visible to -yourself and those you add as reviewers. +yourself and those you add as reviewers. This mode isn't perfect: Somebody who +knows the commit ID can still fetch the change and everything it refers (e.g. +parent commits). This has been a quick primer on how to submit a change to Gerrit for review using git. You may wish to review the [Gerrit code review workflow