Access control - author authenticity using a shared integration repository
Martin Geisler
mg at lazybytes.net
Wed Dec 30 11:36:59 UTC 2009
Stanimir Stamenkov <s7an10 at netscape.net> writes:
> I'm evaluating various aspects of using Mercurial in the workflow we
> employ in my company. So far I'm trilled about the ease Mercurial
> integrates into our workflow and that it actually corrects some
> shortcomings we currently have.
That's great to hear!
> [...] So it should be possible for a user to push changesets of other
> authors. In this scenario I don't see anything preventing a user to
> forge a changeset with the credentials of another. How do you deal
> with this?
You don't :-) It is my my opinion that if you trust and Alice and Bob to
push changes directly to a repository, then you should also trust them
not to forge changesets in inappropriate ways.
I say 'inappropriate' since being able to commit changes under a "false"
identity is a feature. I use it once in a while to make a commit to
Mercurial under the name of some third-party contributor who might not
have had the time to send a proper patch.
It's also useful for me to take a patch received on the mailinglist,
import it into mq and edit it slightly. When I qfinish the patch to turn
it into a proper changeset, I want the original contributors name to be
preserved.
> Is there trace of the push operations - who have done and what
> changesets have been added with them?
Not by default. But if you search for 'pushlog', then you'll find
http://mercurial.selenic.com/wiki/SonicHgExtension
and
http://hg.mozilla.org/mozilla-central/pushloghtml
I'm not sure where the code is for the Mozilla pushlog, but I'm sure you
can find it if you ask them.
--
Martin Geisler
VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multiparty Computation) to Python. See: http://viff.dk/.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.mercurial-scm.org/pipermail/mercurial/attachments/20091230/c2aa1e38/attachment.asc>
More information about the Mercurial
mailing list