If a change is cherry-picked to a secret branch posting a change message
on the source change that contains the target branch name leaks the
secret branch name.
Posting a change message on the source change that says to where it was
cherry-picked is convenient but not totally required. On the change
screen there is an own section that shows cherry-picks and it's easy to
look there to find out to which branches a change was cherry-picked.
This section only shows changes that are visible to the user and hence
doesn't leak secret branch names.
We expect that nobody relies on this message, especially since
cherry-picks that are done locally and then pushed to Gerrit don't
trigger such a message and hence one can never be sure that such a
message exists.
Alternatively it was considered to just drop the branch name from the
change message and leave the message as:
This patchset was cherry picked as commit <SHA1>.
However in this case users might see SHA1s that are not visible to them
and it might confuse them that they get a Not Found when trying to look
them up.
Change-Id: Ic0087798d948a651338f071ffcba7b4e821cc56c
Signed-off-by: Edwin Kempin <ekempin@google.com>
9451430a5a