Force user to be System user?
Greg Ward
greg-hg at gerg.ca
Thu Aug 6 20:53:20 UTC 2009
On Thu, Aug 6, 2009 at 3:42 PM, Michael Thomas <mlists at bigrideau.com> wrote:
> Is there a way to force the user name of the committer to be that of the
> user account being used? My naive understanding is that using -u one
> can make the user be anything one wants? In that scenario how do people
> audit who has committed what?

No. If we implemented that, a determined attacker would just modify
their version of Mercurial to do what they want. Committers have
total control over their repository.

(Also: if you trust people enough to let them push to a central
repository, you should trust them enough not to lie about their
identity. If you don't trust them, don't trust them.)

Possible answers:

* verify author names at push time: e.g. you might have a designated
  "push here first" repository, and a hook there to ensure that each
  user can only push his own changesets. This could get annoying.

* cryptographic signing of each changeset. This was discussed a few
  months ago here; I think the outcome was an extension that improves
  matters, but falls short of crypto-geek nirvana.

Greg
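
The first option above (a hook on a "push here first" repository that lets each user push only their own changesets), sketched as an added example that is not part of the original message or of Mercurial itself. It assumes pushes arrive over SSH with one system account per person; the login-to-author map, the logins and the sample push are constructed for illustration.

```python
# Enable on the gatekeeper repository (the path is a placeholder):
#   [hooks]
#   pretxnchangegroup.authorcheck = python:/path/to/authorcheck.py:hook
import getpass

# Hypothetical map: system login -> author strings that account may push.
ALLOWED_AUTHORS = {
    "alice": {"Alice <alice@example.com>"},
    "bob": {"Bob <bob@example.com>"},
}

# Constructed sample push: (short node, author) per incoming changeset.
SAMPLE_PUSH = [
    ("a1b2c3d4e5f6", "Alice <alice@example.com>"),
    ("b2c3d4e5f6a7", "Alice <alice@example.com>"),
    ("c3d4e5f6a7b8", "Bob <bob@example.com>"),  # committed with -u, or relayed
]

def foreign_changesets(login, incoming, allowed=ALLOWED_AUTHORS):
    """Return the (node, author) pairs that `login` is not allowed to push."""
    permitted = allowed.get(login, set())  # unknown login: nothing permitted
    return [(n, a) for n, a in incoming if a not in permitted]

def _text(value):
    """Mercurial on Python 3 returns bytes; decode them for comparison."""
    return value.decode("utf-8", "replace") if isinstance(value, bytes) else value

def hook(ui, repo, hooktype, node=None, **kwargs):
    """pretxnchangegroup entry point; a true return value aborts the push."""
    # Assumption: SSH pushes, so the OS account identifies the pusher.
    login = getpass.getuser()
    first = repo[node].rev()  # `node` is the first changeset of the group
    incoming = []
    for rev in range(first, len(repo)):  # everything added by this push
        ctx = repo[rev]
        incoming.append((_text(ctx.hex())[:12], _text(ctx.user())))
    bad = foreign_changesets(login, incoming)
    for short, author in bad:
        msg = "rejected %s: author %r does not belong to %s\n" % (short, author, login)
        ui.warn(msg.encode("utf-8"))
    return bool(bad)

if __name__ == "__main__":
    for login in ("alice", "bob", "mallory"):
        print(login, foreign_changesets(login, SAMPLE_PUSH))
```

Because the check is per changeset, a push that relays a colleague's changesets is rejected along with a forged `-u` author, which is the annoyance the message mentions.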