Access control - author authenticity using a shared integration repository
Andreas Tscharner
andy at vis.ethz.ch
Wed Dec 30 02:37:22 CST 2009
Stanimir Stamenkov wrote:
[snip]
> Often a task is worked on by couple of developers cooperatively.
> The final product would contain changesets of all the authors which
> have done the changes, but probably (and I don't see another option)
> the push to the integration repository will be done by a single
> person. So it should be possible for a user to push changesets of
> other authors. In this scenario I don't see anything preventing a
> user to forge a changeset with the credentials of another. How do
> you deal with this? Is there trace of the push operations - who
> have done and what changesets have been added with them?
>
That depends on how these developers on that specific task work
together. If they commit their part of the task to their repositories
and share their repositories (using "hg serve" or the "Web server"
command in TortoiseHG), all changesets (not only one) is pushed and the
credits/submitter informations will be preserved. This works of course
only if they work together in the described way and do not use the
collapse extension or histedit extension
Best regards
Andreas
--
("`-''-/").___..--''"`-._
`o_ o ) `-. ( ).`-.__.`)
(_Y_.)' ._ ) `._ `. ``-..-'
_..`--'_..-_/ /--'_.' .'
(il).-'' (li).' ((!.-'
Andreas Tscharner andy at vis.ethz.ch ICQ-No. 14356454
More information about the Mercurial
mailing list