Alan Burlison <Alan.Burlison at sun.com> writes: > Mike Kupfer wrote: > >> We could implement a policy that says that all changesets must use the >> correct <user>@opensolaris.org email address. This could be enforced on >> the server. But we'd need to work through the implications of such a >> policy, like whether the os.o email address is enabled by default or on >> an opt-in basis. If it's enabled by default, we'll be adding a spam >> vector, which is anti-social. If it's on an opt-in basis, we might want >> to automate the current (manual) process for enabling the os.o email >> address. >> >> We could also implement a policy that says that the changeset user name >> must match the (non-os.o) email address that the user has registered. > > I believe the username in .hgrc doesn't have to be an email address, so > we could just make it equal to the OSO username, which might lower the > spam risk slightly. We could then check it was the same as the id of > the committer in one of the hooks.
We could. > There's another issue though - there is no requirement that OSO and SWAN > usernames match up, and there's nothing to prevent someone outside > registering with a username that is the same as an existing SWAN > one. I'm not sure why that matters. > This is doubtless going to cause confusion. Personally I'd prefer that > we made it mandatory that OSO and SWAN userids match up, even if that > means renaming some existing OSO ones. > I think that's bad for many reasons, not least that those cursed with the borg usernames are then stuck with them and that, in theory, your IT policy is such that said usernames should never be visible outside. As I understand it (second hand) your sentence above mandates every employee violate that, though perhaps I'm wrong. -- Rich
