---
type: change
message: |-
Support non-fastforward commits
This includes:
* adding a filter to accessctl which can be used to allow non-ff commits, and
augmenting the default access controls to deny non-ff commits for master.
VerifyCommits was then modified to use that new functionality, and then tests
were added to cover that.
* adding a `VerifyBranchCanSetHEADTo` method, and using that in the pre-receive
hook rather than putting all the logic in the hook itself.
`VerifyBranchCanSetHEADTo` is thoroughly tested, and the tests for it ended up
uncovering some broken aspects of `VerifyCommits` as well, so those are fixed
too.
change_hash: ACTyCsTFBnAjGAek355IU3I6MioLIx5mb1mS4YjMUrF5
credentials:
- type: pgp_signature
pub_key_id: 95C46FA6A41148AC
body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl6jPvsACgkQlcRvpqQRSKxfag/+JD8bs7zbFZc3XzLWz3vOhPl3OaxdXbQoqlCVywBSZ1dHrJ7BtbTltQpRgNRv+Khs/ibQAUphDFKsAauF7IKZu2fcluMYH1kulEZsYzHFZUz3zDNcPtZhD/KdPgBRSa4tv76iaeCvGGv7Eb9zHxzYiXofkf8Bkn7n63D3aE1N3MhceSPAU07johiZnjXpb2UGonLq1kQlCcEAy57H82iv0N21QjJmZ/bSNgT9d6c9kEb4lmOCs1ZWvW7kzqVLXkhgZ2/77nLKTaFvsTjA6MOodD2vrLQ4KmHmWLjYA2PmqMLkSKoMIUQhatIZiBiJNvF0HztPiIhCJLVwu5eGnVGQwMR74IOBoATlb8R7FuqOhX70b4B0W8O7ovIDWM5dNatKyrzJkJ9lWPX61dP6cx7cshM3dQAr+Xmjvu2CTllIFg01b0j3Ec0epbbXbb5QsuWleaEbsqatktRMiISC/6ix2ijH/n5vYq9GsDS9VhpsXLHdBVIiveorAXr92BR0wrHF2p7sSy7sptcmNLXe4SlJVHi4AHw7qbixoZKo4mPQepsxaIbeBNG74X0Wg4MGKDBUfQ2kX8JpU4jq/ZVDBGAY6CfH9s1Zns4BVQBokBeCUgh3Iik6NzeKAiPTNnD20JfXxaX1OfJIwP8yopUnqJQXdjqV0KFPRym0VNZyCXQEHFU=
account: mediocregopher
---
type: change
message: |-
Give the project a proper root, dehub.dev/src/dehub.git
"dehub" was being used as a placeholder up till this point, but now that the
project has matured enough to have a home, and people will want to be installing
the binary, it's time to give it a proper import root.
change_hash: ADTjLNnPARatUjx6HDo7m3O+0KUcWvcMJq1kNrj9++PU
credentials:
- type: pgp_signature
pub_key_id: 95C46FA6A41148AC
body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl6BECkACgkQlcRvpqQRSKyeJBAAocdHTs8AB2u9kZmMcJNf136Cq8KWjglvhuH49Nj9ILkeGOBF7+fIHBRSYxBQm4IIDWsjaQaRRhESJxKrkHUd7BG/z5iVsCfjYTyY7LPgv0oYJKEGbPOF2LDK2fuLLpRlA5v1fwamTdFYxs5j7yxW7weWiiKEgjMGjOiWQCWuqhw8rwOG6vjvYttQ5pekI7GvkdqWe+qODKmIF9xFFuhz7BMsFUAAwLz97W1wZkHA+O1BXGTe9hGwH88RY9IGJZftA6wuGes/SqwWJk+hpb89KV1yR0woMrwz7ITZZeNBboXO7KyxUXrfiLtxeRD4t15tJkdRY0FbIZvNCktviTqjPXOtoVh7c3m3p/LR5vcbgYDxaZKk51DYruovfaRI96Q9CYCK2kVb2PIJ4BJhlsUPzw8AWNVxXFECYZNEZly10hqNh4Xophr/x7PWOmoPoKL2PvXLtOHzk0r4Tw6JqUaC+7/08U/+lhlSKFKLdCj7Xru57qB7gxgd+P3g4rfqjIHqiB4tlViqR5RV7V8Z/goBMJg2uOJXIJGvwEZF9nj+QDgaofImMiQmcLrE6IBCYEELYz274w/6ugSCcdwVIC/n3VHuNY4zJDKN7Q/FgI9/GBS7UoNhTaHF2JmSKR9ErMKpm3PYPZr/VnsaXjfCBO5bVquvWLzfJ9aQ4t+tsRkuAvQ=
account: mediocregopher
---
type: change
message: |-
completely refactor accessctl (again)
This time it's using an actual access control list system, rather than whatever
it was doing before. The new system uses a Filter type, rather than Condition,
to decide which acl element should have its action (allow or deny) applied. This
makes testing way easier, since all the different matching conditions are now
individual filters, and so are tested individually.
change_hash: AFgN0hormIlO0VWkLKnAdSDZeVRbh0Wj8LLXOMVQEK+L
credentials:
- type: pgp_signature
pub_key_id: 95C46FA6A41148AC
body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl5yoi8ACgkQlcRvpqQRSKwo/g//QkSA80APnPtwcibNeaoUwduH1Xim8pmi5JScKGsOypYkE0Iy+fO3fRNz4r7Tm6qNn7O04fDsiXlxPojxn7+NDFCQArVgoJk3jVTRDBW7LpahWJsYPP1SBjGtaR9o0bOpclXblTMIcteTkLM94AeASqLaEY8StO+5PX/82AkFRQ8E6m9R2HCmgwbBhqwWp8936x8ekMFbSSi0TMIyV4rpd0wj4mjvjjBwa3ArGmH/ynwabPCFuuqMT6996N1zoDn5EqZA5jGrf+Q7rxsI6t1bOnLmg9NGMQYRaZLAVZrp5P6G5XR3et4Gz/2AphAEgYJM3yLbEjZW6Daa77CgTNHXde7gCaWqyfcKlVGPi29/O+2IXhpjwxHwGpsBgEdX9227zapL+jwSAOdUVj8n6C8I8BGqpT7rTwA53yxlbSwXlkttvAn/lGT5X4lK74YfkzMXMEBZKzsb/dQEPyP2Y+AG6z2D4Bs/4szsCiUXF9aG2Yx1o45lVXTTdPUNLIsnhBjM7usbQRg8i5kC+OC9AVCi8E+lf0/Qgp0cUb6QLH47bHvDTH7UluY1bgSLZy+Zjaisvl3a0aK/UspywWN/fFgOrz2cDw232n8IC+Zi4LSKm7dXDRFbC1JNzrwAPP1ifboOrltwKroOsDNaVGhX8ABahNjmrUO4JgE7gvX+zxXb+/I=
account: mediocregopher