You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I understand the practical reasons for needing to make exceptions in specific edge cases, but I also worry that the safe expunging process may still be worded too broadly. As in, the level of trustworthiness in a source repo at L2 still isn't super high, so what's to stop a rogue/malicious repo admin from abusing the safe expunging exception, especially since there's no documentation requirement? I'm wondering if it might make sense to raise the level at which such exceptions are permitted to make sure certain controls are in place and/or narrow the scope of the safe expunging process.
Let's make sure we're happy with this process before release.
The text was updated successfully, but these errors were encountered:
Administrators have the ability to expunge (remove) content from a repository and its change history without leaving a record of the removed content.
I'm trying to understand the "without leaving a record" requirement. Would we have no trace of an object whatsoever? As in, not even its git ID / digest?
In #1094 (comment) @marcelamelara said
Let's make sure we're happy with this process before release.
The text was updated successfully, but these errors were encountered: