Teaching protected branches without pretending risk is binary

Protected branches fail in real organizations because approvals become rubber stamps. We simulate a product owner who cares about copy changes and a security reviewer who cares about secrets, then force both to comment on the same pipeline change. The second paragraph introduces timed reviews: students experience how slow feedback erodes trust in automation, then redesign notification routing to keep humans in the loop without spamming them. Third, we cover emergency bypasses: break-glass merges exist, but every bypass generates a retro ticket automatically filed in the training tracker. The closing paragraph links branch strategy to deployment windows, reinforcing that Git mechanics cannot fix calendar conflicts.