Is there reason 3.6 branch is not restricted?

I noticed miss-islington was able to merge a PR to 3.6 branch.(

I expected that only administrator or 3.6 release manager can merge to this branch. We used to have a branch protection rule.

However I just checked the protection rule for 3.6, but it was not restricted at all. It seems like anyone with write access (core developers and the bots) can merge to 3.6 branch.

Just checking if this was intended, or do we need to revert the commit?

Thanks, @Mariatta, for noticing! That was my fault from the release engineering during the last release candidate. It should be fixed now.

If anyone notices something like that happening again or any other question regarding a cpython branch, please contact the appropriate release manager directly!

And, in this case, the PR merged was for a CVE-tracked security fix in libexpat so it definitely belongs in 3.6. Thanks, @benjamin!

Great, thanks!