Yesterday, a commit was pushed by mistake to the release branch v11.x (nodejs/node#24389 (comment)).
To prevent this from happening again in the future, I would like to discuss the possibility of requiring pull request reviews before merging to release branches.
I think we don't need to require more than one review. To me, this seems like a good thing to do to prevent mistakes but also to have more collaborators involved in the release process. I always ping @nodejs/collaborators in release PRs but often get no comments or suggestions regarding the changelog.
Additionally, since all releasers must have a GPG key to sign the release tag, we could also require signed commits.
Yesterday, a commit was pushed by mistake to the release branch
v11.x(nodejs/node#24389 (comment)).To prevent this from happening again in the future, I would like to discuss the possibility of requiring pull request reviews before merging to release branches.
I think we don't need to require more than one review. To me, this seems like a good thing to do to prevent mistakes but also to have more collaborators involved in the release process. I always ping
@nodejs/collaboratorsin release PRs but often get no comments or suggestions regarding the changelog.Additionally, since all releasers must have a GPG key to sign the release tag, we could also require signed commits.