Access control - author authenticity using a shared integration repository

[Stanimir Stamenkov]

Wed, 30 Dec 2009 00:45:12 +0200, /Stanimir Stamenkov/:

> Often a task is worked on by couple of developers cooperatively.
> The final product would contain changesets of all the authors which
> have done the changes, but probably (and I don't see another option)
> the push to the integration repository will be done by a single
> person.  So it should be possible for a user to push changesets of
> other authors.  In this scenario I don't see anything preventing a
> user to forge a changeset with the credentials of another.  How do
> you deal with this?  Is there trace of the push operations - who
> have done and what changesets have been added with them?

I've read Git changestes has author and committer fields, for
example.  Don't know details about the Git's committer field but is
there a similar field in Mercurial which records the system account
(or alternative access method account like https:) used to
commit/push the changesets?  Such field would be local to the
repository in question and doesn't need to (should not) be
propagated with clones.

-- 
Stanimir