[3r7j6qzi9jvnve]

> how do we actually know that that pull request has gone through all the checks

gerrit flags all reviews and checks into git notes, which can be downloaded and displayed with a little bit of configuration: https://tylercipriani.com/blog/2022/11/19/git-notes-gits-coo...

This doesn't prevent an admin from cheating and editing the notes manually, but it's a good audit trail if you trust the "forge".

[maccard]

> This doesn't prevent an admin from cheating and editing the notes manually, but it's a good audit trail if you trust the "forge".

If one of the values of Git as a DVCS is that you don't need to trust the forge, this seems like it removes one of the core features of git to me.

[evgpbfhnr]

People trust the forge all the time; if someone wants to mess with github (say, feed a different repo for everyone except developers using whatever it is they usually interact with the git with (ssh or their IP or whatever), it'd take a while to notice -- if they do that for existing releases archives distros might notice but for a new tag? I'll bet no-one sees it)

From a pure git perspective, notes are normal objects so if everyone fetches the notes regularly they'll notice if they're tempered with just like regular commits iirc. I think you can add notes after the fact but not modify what's there?