Audit manual-resolving-conflicts in arc land?

Hi,

We want to enforce code review on all changes. However, we realized that, during arc land, when there is a need to resolve conflicts after rebase, one can make any arbitrary change to the affected files, as long as not deleting or adding files. Is it possible to trigger an audit if manually resolving conflicts happened?

Thanks!

I’m wondering, is herald rule enough to do this?

Any suggestion will be appreciated. Thanks

Authors can make changes even if don’t need to resolve conflicts - see https://secure.phabricator.com/book/phabricator/article/differential_faq/#why-does-an-quot-accepted-quot.
You could replace arc land with a server-side landing via https://secure.phabricator.com/book/phabricator/article/differential_land/ but even then, an attacker can have different code reviewed and committed.

You can have audit/prevent commits that have no revision at all, but that’s not enough to stop a committed attacker.

I believe the general suggestion with this issue is “don’t let untrusted users push code”; This is not completely unreasonable, as non-trusted users can still arc diff, you just need some trusted user to perform the actual landing.

1 Like

Thanks. We have turned off sticky-accpet. So that shouldn’t be an issue.