Keep a record of who pushed revisions to a repository
Andrew Bennetts
andrew.bennetts at canonical.com
Wed Mar 9 00:05:16 UTC 2011
Krzysztof Nowicki wrote:
[...]
> What I'm looking for is a way to log the real committer name (who is
> authenticated upon access to the server using an individual SSH key) along with
> the pushed revisions so that if something bad happens I can beyond any doubt
> identify the offender.
>
> Is there a way to do this with Bazaar?
Use the post_change_branch_tip hook:
<http://doc.bazaar.canonical.com/bzr.dev/en/user-reference/hooks-help.html#post-change-branch-tip>
You could use post_change_branch_tip to e.g. log the branch, new
revision ID, and $USER to an audit log somewhere.
See <http://doc.bazaar.canonical.com/bzr.dev/en/user-guide/hooks.html>
for how to use a hook.
It's not bulletproof; the smart server isn't yet restrictive enough to
stop clients from circumventing the code paths that trigger the hook if
they really want to (although we're slowly getting there). So whether
this is suitable for you depends on the level of protection you require.
-Andrew.
More information about the bazaar
mailing list