ansible / team-devtools

Shared practices, workflows and decisions impacting Ansible devtools projects

Home Page: https://ansible.readthedocs.io/projects/team-devtools/

Audit branch protection rules

ssbarnea opened this issue · comments

As @webknjaz and I observed, we often observe repositories that have wrong or incomplete branch protection rules. This can lead to mistakes or even more dangerous security issues.

The good part is that ansible zuul is already able to automatically configure some of these permissions and it runs regularly.

Actions:

  • record all projects nurtured by devtools team in a file inside this repository
  • configure correct branch protection for each of our projects
  • send email/slack/irc notification when config is changed
  • if main zuul job cannot be used for that, we can create another pipeline on zuul or gha that does what we need
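
An added example, not part of the issue or of any devtools tooling: a sketch of the audit the actions above describe, comparing each recorded project's branch protection to a baseline and reporting which repositories changed since the last run. The baseline values, repository names and sample responses are assumptions constructed for illustration; the field names follow the GitHub REST branch protection response.

```python
import json

# Hypothetical baseline chosen for this example; the issue does not define one.
BASELINE = {"enforce_admins": True, "allow_force_pushes": False,
            "allow_deletions": False, "min_reviews": 1}

def _enabled(protection, key):
    # The API reports these toggles as {"enabled": bool}; a missing key means off.
    return bool((protection.get(key) or {}).get("enabled", False))

def audit(protection, baseline=BASELINE):
    """Return findings for one branch; an empty list means it matches the baseline."""
    if protection is None:  # the API answers 404 when a branch has no protection
        return ["branch is not protected"]
    findings = []
    for key in ("enforce_admins", "allow_force_pushes", "allow_deletions"):
        if _enabled(protection, key) != baseline[key]:
            findings.append(f"{key} should be {baseline[key]}")
    reviews = protection.get("required_pull_request_reviews") or {}
    count = reviews.get("required_approving_review_count", 0)
    if count < baseline["min_reviews"]:
        findings.append(f"approving reviews {count} < {baseline['min_reviews']}")
    checks = protection.get("required_status_checks") or {}
    if not checks.get("contexts"):
        findings.append("no required status checks")
    return findings

def audit_all(projects, fetched):
    """projects: repos recorded in the inventory file; fetched: repo -> protection or None."""
    return {repo: audit(fetched.get(repo)) for repo in projects}

def drift(previous, current):
    """Repos whose findings differ from the last run; these warrant a notification."""
    return sorted(r for r in current if previous.get(r) != current[r])

# Constructed sample responses, shaped like
# GET /repos/{owner}/{repo}/branches/{branch}/protection (repo names are placeholders).
SAMPLE = json.loads("""{
  "example-org/project-a": {
    "enforce_admins": {"enabled": true}, "allow_force_pushes": {"enabled": false},
    "allow_deletions": {"enabled": false},
    "required_pull_request_reviews": {"required_approving_review_count": 1},
    "required_status_checks": {"strict": true, "contexts": ["tox"]}},
  "example-org/project-b": {
    "enforce_admins": {"enabled": false}, "allow_force_pushes": {"enabled": true},
    "required_status_checks": null}
}""")
PROJECTS = ["example-org/project-a", "example-org/project-b", "example-org/project-c"]
```

A project listed in the inventory but absent from the fetched data (project-c here) is reported as unprotected rather than skipped, so a missing rule cannot pass the audit silently.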