Force user to be System user?

Greg Ward greg-hg at gerg.ca
Thu Aug 6 20:53:20 UTC 2009


On Thu, Aug 6, 2009 at 3:42 PM, Michael Thomas<mlists at bigrideau.com> wrote:
> Is there a way to force the user name of the commiter to be that of the
> user account  being used? My naive understanding is that using -u one
> can make the user be anything one wants? In that scenario how do people
> audit who has commited what?

No.  If we implemented that, a determined attacker would just modify
their version of Mercurial to do what they want.  Committers have
total control over their repository.

(Also: if you trust people enough to let them push to a central
repository, you should trust them enough not to lie about their
identity.  If you don't trust them, don't trust them.)

Possible answers:

  * verify author names at push time: e.g. you might have a designated
"push here first" repository, and a hook there to ensure that each
user can only push his own changesets.  This could get annoying.

  * cryptographic signing of each changeset.  This was discussed a few
months ago here; I think the outcome was an extension that improves
matters, but falls short of crypto-geek nirvana.

Greg




More information about the Mercurial mailing list