Is there a way to protect oneself from Mercurial identity theft? The case is if someone deliberately commit bugs into the code using another developer's name with the goal of getting that person fired or mis-credited. Is there a way to stop that from happening or is it a non issue?

Is there a way to protect oneself from Mercurial identity theft?

1 Answers

I don't know a way to actually restrict the commits not so include a "stolen" identity, but if you have a centralized repository you should be able to securely audit who has pushed which changes to the server, and thereby track down the identity thief.

Edit: there seems to be support for signing commits with two extensions, the CommitsigsExtension as well as the seemingly less secure approach implemented by the GpgExtension.

Signing the changesets effectively prevents identity theft since the thief does not have the private key of the identity he wants to steal, thereby he cannot sign the commit.

answered Jan 30 '23 01:01

Lucero

Related questions
                            
                                Is it bad practice to include sensitive information in iOS source code comments?
                            
                                What is the best way to securely add administrative access to my rails website?
                            
                                Django file upload input validation and security
                            
                                Necessary to set ServerSignature and ServerTokens apache config options with Rails apps?
                            
                                Can trusted 1.5 applets execute system commands?
                            
                                What type of information should be saved in a Cookie (PHP)
                            
                                Outlook security
                            
                                Running IIS Application with different user Credentials
                            
                                How to add a licensing functionality to a java program? [closed]
                            
                                Is there a secure way to set up a mysql root password?
                            
                                PNG file validation
                            
                                Best practice for secure socket connection
                            
                                How secure are .htaccess protected pages
                            
                                Safest communication method between applications on same machine
                            
                                All PHP files getting hacked
                            
                                Prevent SQL injection from form-generated SQL - NO PreparedStmts
                            
                                Uploading PDF or .doc and security
                            
                                REST authentication S3 like hmac sha1 signature vs symetric data encryption
                            
                                How to make TLS connection from PHP in web server, and safely
                            
                                Reduce chances of PHP plugins being malicious

Is there a way to protect oneself from Mercurial identity theft?

Tags:

security

mercurial

MdaG

1 Answers

Lucero

Recent Activity

Donate For Us