On Mon, Dec 7, 2009 at 12:08 PM, Alan Burlison <alan.burli...@sun.com> wrote: > Richard Lowe wrote: > >>>> In addition to the example from Mike, there're gates (such as pkg), >>>> where >>>> a user needs N good integrations before they're offered write access >>> >>> Even so, all such contributions need to be covered in the same way as >>> if they were being pushed by the author, i.e. via a SCA or Sun >>> employment status. >> >> Of course they do, I didn't mean to suggest otherwise. >> You asked where author and pusher identify may differ. > > Sure, I'm just wondering how best we can automate the checking of the status > of the author(s) - the pusher is easy as they have to be logged in to push. > We can identify people by either their registered email address or their > opensolaris login name, so I think the author field should have to match one > of those two, with the commit being rejected otherwise.
How about signing [1] the commits and verifying the signature[s] during the push time ? [1] http://mercurial.selenic.com/wiki/GpgExtension -- Regards, Cyril _______________________________________________ tools-discuss mailing list tools-discuss@opensolaris.org
