Keep a record of who pushed revisions to a repository

Krzysztof Nowicki krissn at op.pl
Tue Mar 8 07:34:34 UTC 2011 

Hi,

I know about the signatures. I was thinking about using them but I didn't want
to take out such a big gun as it would require all users to setup GPG (we're
talking Windows users here :( ). All I really need is some sort of metadata to
indicate the real committer. I don't need NSA-level security here.

I wonder however if it would be possible to utilize the storage used for
signatures to store a short metadata indicating the real committer. This would
need to be done by a hook on the smart server. I'll try to play with it.

Thanks anyway

Krzysztof

On 2011-03-08 03:49, Philip Peitsch wrote:
> Hi Krysztof,
> 
> Do you know about bazaar's revision signing mechanism?  See this blog post for
> instructions: http://blogs.gnome.org/jamesh/2007/10/04/signed-revisions-with-bazaar/
> 
> I believe this would fit your requirements somewhat... though potentially won't
> address all of them.
> 
> Cheers,
> 
> Philip
> 
> On Tue, Mar 8, 2011 at 3:34 AM, Krzysztof Nowicki <krissn at op.pl
> <mailto:krissn at op.pl>> wrote:
> 
>     Hi,
> 
>     I'm trying to setup an internal portal hosting shared Bazaar repositories. The
>     idea is to give anyone write access to the repositories as I don't want restrict
>     user commit rights to the branches. What I however want is to be able to
>     identify who committed every revision so that in case someone abuses the trust
>     and pushes some bogus revision. The problem that I found is that when a push
>     occurs to the repository, all revisions are stored without changes. This means
>     that whatever committer name was given will also appear in the public
>     repository. What will however not be there is the real name of whoever pushed
>     that change.
> 
>     What I'm looking for is a way to log the real committer name (who is
>     authenticated upon access to the server using an individual SSH key) along with
>     the pushed revisions so that if something bad happens I can beyond any doubt
>     identify the offender.
> 
>     Is there a way to do this with Bazaar?
> 
>     Krzysztof
> 
> 
> 
> 
> 
> -- 
> Philip Peitsch
> Mob: 0439 810 260

More information about the bazaar mailing list