I'd bet that you can commit as anyone and push it if you have that access. You probably wouldn't keep that access for long, though.
On Dec 14, 2017 12:13 PM, "Warren Young" <war...@etr-usa.com> wrote: > On Dec 14, 2017, at 10:19 AM, jungle Boogie <jungleboog...@gmail.com> > wrote: > > > > So Warren edited a file at the same exact time as tangent? > > Fossil arguably has a bug here, where if you check a change in as local > user name “tangent”, as I do here, then *later* do a “fossil sync” to a URL > with a user name, some bit of the local on-disk state remembers that you > originally cloned the repo as tangent and makes your changes under that > name. Then when you go to push to the remote repo, it uses your remote > user name and password credentials, but the changes are tagged with your > local user name. > > I think Fossil ought to catch this kind of thing and either silently > rewrite the user name or force some local fix-up it can’t be done > automatically for some reason. > > This kind of thing happens when a previous outsider to a project is later > granted privileges, but under a different name. > > I assume Fossil is the way it currently is because: > > a) many people use the same user name everywhere > b) it’s a rare occurrence; and > c) it’s easy to fix when it happens > > But even knowing all of this, it’s happened to me twice with the > fossil-scm.org repository, once from two different machines. The first > was a pure surprise to me on my first checkin to fossil-scm.org, and the > second happened to me yesterday because I missed one client machine when I > went around and closed, re-cloned and re-opened the fossil-scm.org > repository to make each one forget about user tangent. > > I classify this as a bug because it could be used for an impersonation > attack. I expect that it would not allow me to check changes in as drh > simply by creating a local drh user, since that’s a known user and I cannot > produce drh’s password, but it certainly will let me check changes in as > billgates. > _______________________________________________ > fossil-users mailing list > fossil-users@lists.fossil-scm.org > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users >
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
