Security issue: how to use HTTP user as Mercurial user
Igor Lautar
igor.lautar at gmail.com
Tue Jun 8 08:16:35 UTC 2010
On Tue, Jun 8, 2010 at 9:57 AM, Zeljko Trogrlic <zeljko_t at post.htnet.hr> wrote:
> I am still learning the spirit of DVCS, but I had a chance to learn a
> lot about corporate spirit in the last couple of years.
>
> Different standards (e.g. CMMI) and processes ask for possibility to
> reliably determine who did the changes, otherwise VCS is not compliant
> with them.
Well, not familiar with CMMI as such, but this should not be a problem.
In almost all cases, you are using different processed _before_ change
is commited.
For example, code is sent to review. You can argue that whoever sent
it is author of change,
even if code is commited by someone else.
Same problem would be with merges in subversion for example (author is changed).
But in corporate environment, you make your own policies, so policy can say that
everybody must use their own username and preserve original author, if needed.
I'm sure one could do some hooks that would track this as a way to
verify policy.
> On my opinion, because of this Mercurial is not feasible solution for
> corporate environment. What are your experiences?
See above, depending how you define policies and processes.
Mercurial handles ISO 9001 certification just fine.
Regards,
More information about the Mercurial
mailing list