Authentication problem using Mercurial
We have a central repository over http on Apache with digest authentication for two users "One" and "Two".
User "One" can do:
hg commit -uTwo -mText hg push http: // central-repo / hg / project
How can I prevent this fake in the central repository?
Or how do you know who is doing this push to the central repository?
+2
source to share
1 answer
You can install the pushlog extension to keep track of who is pushing what. See Mozilla's hgpoller repository for the pushlog extension it uses (they also have a separate set of templates). An alternative solution would be to write a hook to reject pushing changesets created by someone other than the authenticating user. Since this can also be a very correct scenario, a pushlog solution might be better.
+4
source to share