Mike Kupfer <mike.kupfer at sun.com> writes:

> (moving the conversation to scm-migration-dev)
>
>>>>>> "Alan" == Alan Burlison <Alan.Burlison at sun.com> writes:
>
> Mike> As far as people using bogus email addresses with Mercurial, it's
> Mike> technically possible, but then it's also possible for people to
> Mike> commit something other than what they got code reviewed.  If someone
> Mike> abuses their commit privileges, they may find that they don't have
> Mike> commit privileges much longer.  IIRC, we did discuss on
> Mike> scm-migration-dev whether to require that all commits be done as
> Mike> user at opensolaris.org.  I think we decided it wasn't worth it.
>
> Alan> The problem is that if we don't, traceability becomes more
> Alan> difficult as there's no easy way to tie the committer back to the
> Alan> opensolaris user database.
>
> One option would be to add a changegroup hook that records the
> committer's login and changeset ID(s) in a log file somewhere.  That
> would still require some additional work for someone doing an audit, but
> I don't know that we need to optimize for that case.

So, you ditched some context here.  Was the original mail on an
external list?

Either way, it is possible for us to *demand* a changeset author
matches: First Last <register at email.address>

from the webapp.  Of course, if someone is bogus in the webapp...

No doubt there's other, similar, things we could do.  Like require
foo at opensolaris.org and check foo@ against the database and $USER. 

> Alan> Is there any way we can configure this to happen 'automagically'
> Alan> on the server site, e.g. ignore what they use in their .hgrc and
> Alan> use their unix username? (which is the same as their OSO
> Alan> username).
>
> My understanding is that the user name is part of the changeset.  The
> server must treat the changeset as immutable, so I believe the answer is
> "no".

The answer is effectively No.  I suspect it's possible if we're
willing to forgo all propriety, but we aren't.

> We could implement a policy that says that all changesets must use the
> correct <user>@opensolaris.org email address.  This could be enforced on
> the server.  But we'd need to work through the implications of such a
> policy, like whether the os.o email address is enabled by default or on
> an opt-in basis.  If it's enabled by default, we'll be adding a spam
> vector, which is anti-social.  If it's on an opt-in basis, we might want
> to automate the current (manual) process for enabling the os.o email
> address.

We could mandate author: match username, and contain no other parts,
too.

> We could also implement a policy that says that the changeset user name
> must match the (non-os.o) email address that the user has registered.

Keep in mind that, at present, for onnv-gate author: is the
swan-internal username that we found in that putback (I think from the
putback log rather than SCCS), and various comments suggest we have a
long history of machine-specific usernames creeping in there, and
having to be weeded out of various places.

I'd need to know the context that requires more rigorous checks before
I can say anything useful.

That said, I think it's pretty funny that you're talking about this
but, as far as I know, the daemon@ crud is still yet to be fixed.

-- Rich
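
The server-side author check and audit log discussed in this thread, as an added example (not code from the thread or from the OpenSolaris project): a Mercurial in-process `pretxnchangegroup` hook that requires each incoming changeset's author address to be `<login>@opensolaris.org` and records the login and changeset IDs. The log path, the function names, and taking the pushing user's Unix login as the identity are assumptions.

```python
import email.utils
import getpass
import time

DOMAIN = "opensolaris.org"                  # domain named in the thread
AUDIT_LOG = "/var/log/hg-commit-audit.log"  # hypothetical path


def author_matches(author, login, domain=DOMAIN):
    """True if the changeset author's address is exactly <login>@<domain>."""
    _name, addr = email.utils.parseaddr(author)
    local, sep, host = addr.rpartition("@")
    return bool(sep) and local == login and host.lower() == domain


def check_incoming(changesets, login, log_path=AUDIT_LOG):
    """Log every (hex_id, author) pair in a push; return the rejected IDs."""
    changesets = list(changesets)
    rejected = [h for h, a in changesets if not author_matches(a, login)]
    verdict = "rejected" if rejected else "accepted"
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    with open(log_path, "a", encoding="utf-8") as log:
        for hex_id, author in changesets:
            log.write("%s push=%s login=%s changeset=%s author=%r\n"
                      % (stamp, verdict, login, hex_id, author))
    return rejected


def hook(ui, repo, node=None, **kwargs):
    """pretxnchangegroup entry point; a true return value aborts the push."""
    incoming = []
    for rev in range(repo[node].rev(), len(repo)):
        ctx = repo[rev]
        # Mercurial on Python 3 returns bytes; decode before comparing.
        incoming.append((ctx.hex().decode("ascii"),
                         ctx.user().decode("utf-8", "replace")))
    rejected = check_incoming(incoming, getpass.getuser(), AUDIT_LOG)
    for hex_id in rejected:
        ui.warn(("author must be <login>@%s: %s\n" % (DOMAIN, hex_id)).encode())
    return bool(rejected)
```

The changesets themselves are never rewritten, which matches the point above that the server must treat them as immutable; a push containing a mismatched author is refused as a whole and logged with `push=rejected`.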