Keep a record of who pushed revisions to a repository

Krzysztof Nowicki krissn at op.pl
Tue Mar 8 08:36:51 UTC 2011


On 2011-03-08 09:01, John Arbash Meinel wrote:
> With a distributed setup, the person who pushed the changes is not
> necessarily the one that committed them.
> 
> If you prototype some work, I merge it into my branch and finish it off,
> and then we push it to the trunk, all of those revisions get pushed by
> one person, even though there are revisions from multiple people involved.
> 
> I could see using a server-side hook to store out-of-band (in a separate
> file from the bzr data itself) what revisions were pushed to what branch
> by what authenticated user.
> 
> I'm not fully sure what you gain by this, though. If it is about knowing
> who landed the final change on trunk, you could set
> "append_revisions_only = True" in branch.conf, and have a general policy
> that people use a checkout of trunk to merge in changes and commit
> there. Rather than just pushing to trunk. (Append_revisions_only
> prevents them from merging trunk into their branch and pushing to trunk.
> They have to preserve the mainline history from trunk to push to trunk.)
> 
> 
> I think what you are asking for is going to be pretty custom for your
> installation. Mostly because bzr currently avoids tracking Auth info,
> rather than duplicating the work of stuff like SSH.
> 
> Certainly I could see using a patch in StreamSink so that whenever you
> see a new revision, you log the current username. There will be ways
> around it, of varying complexity. So it depends how hard you want to
> push on it.
> 
> John
> =:->

By looking at the code I was wondering if I could make use of
Repository.add_signature_text() and append a short piece of metadata with the
authenticated user name. This would be done from a server-side trigger. Yes, this
would be a highly custom solution, but I guess it wouldn't break any
compatibility either.

BTW, I noticed that you had a plugin for verifying the signatures. It was
available here: http://bzr.arbash-meinel.com/plugins/signing/ Unfortunately the
link seems to be dead. I wanted to look at it for some examples of how to read the
signatures. Is it still available somewhere?

Krzysztof
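
An added example, not part of either message and not bzr code: a sketch of the out-of-band record John describes, logging which authenticated user brought each new revision to a branch, kept separate from who committed it. The function names, the log format and the sample revision graph are assumptions made for illustration; how a real server-side hook obtains the tips, the graph and the authenticated user is installation-specific.

```python
import json
import time

# Constructed sample: alice prototypes a1 and a2, bob merges them as b1
# and pushes to trunk, whose tip was t1. Maps revision id -> parent ids.
PARENTS = {"t1": [], "a1": ["t1"], "a2": ["a1"], "b1": ["t1", "a2"]}
COMMITTERS = {"t1": "carol", "a1": "alice", "a2": "alice", "b1": "bob"}


def ancestry(parents, tip):
    """Return every revision reachable from tip (tip included)."""
    seen, stack = set(), [tip] if tip else []
    while stack:
        rev = stack.pop()
        if rev not in seen:
            seen.add(rev)
            stack.extend(parents.get(rev, ()))
    return seen


def record_push(log_path, branch, user, parents, committers,
                old_tip, new_tip, now=None):
    """Append one JSON line per revision that this push introduced.

    `user` is the identity the transport authenticated (for example the
    SSH account); how the hook obtains it is installation-specific and
    assumed here to be supplied by the caller.
    """
    arrived = ancestry(parents, new_tip) - ancestry(parents, old_tip)
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
    entries = [{"branch": branch, "revision": rev, "pushed_by": user,
                "committer": committers.get(rev), "time": stamp}
               for rev in sorted(arrived)]
    # Append-only file kept outside the branch data itself.
    with open(log_path, "a") as log:
        for entry in entries:
            log.write(json.dumps(entry, sort_keys=True) + "\n")
    return entries


if __name__ == "__main__":
    import os, tempfile
    path = os.path.join(tempfile.mkdtemp(), "push-audit.jsonl")
    for e in record_push(path, "trunk", "bob", PARENTS, COMMITTERS, "t1", "b1"):
        print(e["revision"], "committed by", e["committer"],
              "pushed by", e["pushed_by"])
```

In the sample, all three new revisions are attributed to bob as the pusher while two of them keep alice as committer, which is the distinction the thread is about.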



