User masquerading - audit trail?
Dirkjan Ochtman
dirkjan at ochtman.nl
Sat Oct 4 16:30:10 CDT 2008
Kurt Granroth wrote:
> So in this case, we could have a hook (or similar) on selenic.com/hg
> that appended a "Authenticated User: kurt" to all patches that I pushed.
> You could clone that off and change it to whatever you want on your
> local copy... but unless you had sufficient privileges on selenic.com,
> you *wouldn't* be able to do it on the one repository that actually
> mattered.
Well, surely you could check that authenticated users only push changes
authored by themselves. This might even work in a corporate setting or
so. But in Open Source, people with push privs are going to be pushing
other people's patches, so that doesn't work anymore...
For that case, you're either going to rely on some users to push to
certain 'master' repositories, in which case you're going to have to
trust those users to verify the identity of the author. Or you're going
with a pull model, and you yourself (the one integrating csets from
other repositories) have to decide whose repositories you trust to have
only changesets with username equal to the real patch author. (Or some
combination of the above scenarios, as we have with Mercurial.)
In either case, it ends up being about a trust network, suggesting that
this is a social problem that can either be solved with the gpg ext
(using an 'external' technical trust network) or with implicit trust...
Cheers,
Dirkjan
More information about the Mercurial
mailing list