Proving ownership of code with mercurial?

Giorgos Keramidas keramida at ceid.upatras.gr
Tue Jan 1 16:49:25 CST 2008 

On 2008-01-01 22:43, Francesc Esplugas <francesc.esplugas at gmail.com> wrote:
>
> I've been working on a project for 3 months and now I've to prove
> somehow the ownership of all the code I've done.
>
> All the code has been managed with Mercurial, so I can list the logs
> and diff's to show all my work but I want to explain somehow to the
> company that this code "is originally created by me". I understand
> that each time I make a commit to Mercurial this code gets signed but
> the company can say that I modified the repos an replaced all the
> commit authors with my name.
>
> Is there any document out there that talk about how Mercurial manages
> data and how to prove trust of each commit made?

A short summary of what I think about this is: there may be *no* answer
that is good enough.

The longer description is ...

This is ultimately, not a technical problem, but a social one.  For
example, even if you had not used Mercurial, but SCM system `$FOO',
which stores its repository in a central host called `repoman', someone
who doesn't trust commit logs could ask you to prove that you haven't
tinkered with the central repository storage area too.

I'm not sure if there is a solid *technical* argument that can be made
by explaining what a commit log contains, how they are created, where
they are stored, how they are replicated, and how SSH tunnelling worked
every time they were pushed to the `company systems'.

After all, even if you explicitly show commit logs and correlate them
with traces of SSH login connections to a centrally managed `repoman'
server, one who is determined *NOT* to accept your word for it can
easily suggest that you have been sharing your SSH key with an
arbitrarily large team of others.  Then you are outside of the realm of
Mercurial, or any $SCM for that matter, and into the only realm where
this question makes sense: the non-technical place where `trust' is
defined by some as of yet unstated set of criteria :/

I am not sure, having written all the above, if the original question
makes any sense...

Giorgos

More information about the Mercurial mailing list