Issue 647: Pushing commit objects when pushing tags should be disallowed
Status:  Accepted
Owner: ----
Reported by tobias.o...@sap.com, Jul 30, 2010
I discovered by coincidence that Gerrit allows me to push tags that point to commit objects not yet present in the Git repository. The result was as if the repository was not managed by Gerrit: Git uploaded the tag and all new commit object.

I was surprised that Gerrit did not prevent me from doing so because I did not have any "Push Branch" rights and I nevertheless was able to circumvent the code review process. Sure, you wouldn't give the push tag right to just everyone, but still I don't think that "Push Tag" rights should imply the right to push changes without review.

It probably should be configureable if pushing commit objects together with tags is allowed. I would also be happy if Gerrit always prevents this, because I don't see any use case for doing what I accientially did.
Aug 2, 2010
#1 sop@google.com
(No comment was entered for this change.)
Status: Accepted
Oct 18, 2010
#2 tobias.o...@sap.com
Just saw another accident related to this issue: 
- Developer 1 proposes a change.
- Developer 2 amends the change and pushes it to Gerrit.
- Developer 1 approves and submits the amended change. Next he wants to tag that version as the new release, but forgets to fetch the approved patch set 2. Result patch set 1 gets tagged as the release version, although it is not in the master branch.