Documentation: Add warning about "private" changes on Gerrit

Private changes on Gerrit are a tricky beast in that they're well hidden
in the UI and a few other places but still reachable under certain
circumstances.

Change-Id: I1c8c6cccfd023bc1d839dc5d9544204c88f89c7e
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59229
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
diff --git a/Documentation/getting_started/gerrit_guidelines.md b/Documentation/getting_started/gerrit_guidelines.md
index 8c91615..68b5cc4 100644
--- a/Documentation/getting_started/gerrit_guidelines.md
+++ b/Documentation/getting_started/gerrit_guidelines.md
@@ -193,8 +193,10 @@
 * When pushing patches that are not for submission, these should be marked
 as such. This can be done in the title ‘[DONOTSUBMIT]’, or can be pushed as
 private changes, so that only explicitly added reviewers will see them. These
-sorts of patches are frequently posted as ideas or RFCs for the community
-to look at. To push a private change, use the command:
+sorts of patches are frequently posted as ideas or RFCs for the community to
+look at. Note that private changes can still be fetched from Gerrit by anybody
+who knows their commit ID, so don't use this for sensitive changes. To push
+a private change, use the command:
         git push origin HEAD:refs/for/master%private
 
 * Multiple push options can be combined:
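Review bot: The unchanged context line "private changes, so that only explicitly added reviewers will see them" now contradicts the added caveat that anybody who knows the commit ID can still fetch the change. Consider softening that earlier clause, for example to say the change is only listed for explicitly added reviewers, so the bullet does not first promise restricted visibility and then retract it. It would also help to say "commit hash" rather than "commit ID", since contributors on this project also deal with the Change-Id trailer and could read "ID" as that.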
diff --git a/Documentation/tutorial/part2.md b/Documentation/tutorial/part2.md
index 4ac8574..964057e 100644
--- a/Documentation/tutorial/part2.md
+++ b/Documentation/tutorial/part2.md
@@ -173,7 +173,9 @@
 coreboot.org. **Note:** To submit as a private patch, use
 `git push origin HEAD:refs/for/master%private`. Submitting as a private patch
 means that your commit will be on review.coreboot.org, but is only visible to
-yourself and those you add as reviewers.
+yourself and those you add as reviewers. This mode isn't perfect: Somebody who
+knows the commit ID can still fetch the change and everything it refers (e.g.
+parent commits).
 
 This has been a quick primer on how to submit a change to Gerrit for review
 using git. You may wish to review the [Gerrit code review workflow
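Review bot: In the added sentence, "everything it refers (e.g. parent commits)" is missing "to", and "Somebody" after the colon should be lowercase. Unlike the gerrit_guidelines.md hunk, this text stops at "This mode isn't perfect" and never tells the reader not to use private changes for sensitive content; since a tutorial is where new contributors first meet `%private`, add the same explicit advice here so both documents agree.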