Geek Answers Handbook

Is there a way to protect myself from identity theft Mercurial?

Is there a way to protect myself from identity theft Mercurial?

The fact is that someone deliberately makes mistakes in the code using a different developer name in order to force him to be fired or incorrectly credited.

Is there a way to stop this, or is it not a problem?

+4
source share
3 answers

I donโ€™t know how to really limit commits, and not include a โ€œstolenโ€ identity, but if you have a centralized repository, you should be able to reliably check who clicked on what changes on the server, and thereby track down the thief's face.

Edit: There seems to be support for signing commits with two extensions, CommitsigsExtension , as well as a less secure approach implemented by GpgExtension .

Signing the changes effectively prevents identity theft because the thief does not have the private identity key that he wants to steal, so he cannot sign the commit.

+7
source

The Mozilla project does this in the form of a pushlog. They made a trivial change to web templates to show the output of an empty sheet, which is easily created in push mode using the changeset hook. Here's what their magazine looks like:

http://hg.mozilla.org/mozilla-central/pushloghtml

The hook creating such a log can be as simple as:

 [hooks] changeset = echo $REMOTE_USER pushed HG_NODE >> /path/to/my/pushlog

In practice, this is one of the things that everyone thinks will be a problem when they first hear that the "user" field is completely falsified, but in practice it is simply never a problem.

+2
source

Use access control in the "main" repo request and logs. If you register those who are authenticated to push each commit, you can tell who actually clicked the particular commit, regardless of the information in the repository.

0
source

More articles:


All Articles