Is there a way to protect oneself from Mercurial identity theft?

Question

Is there a way to protect oneself from Mercurial identity theft?

The case is if someone deliberately commit bugs into the code using another developer's name with the goal of getting that person fired or mis-credited.

Is there a way to stop that from happening or is it a non issue?

Answer 1

I don't know a way to actually restrict the commits not so include a "stolen" identity, but if you have a centralized repository you should be able to securely audit who has pushed which changes to the server, and thereby track down the identity thief.

---

Edit: there seems to be support for signing commits with two extensions, the CommitsigsExtension as well as the seemingly less secure approach implemented by the GpgExtension.

Signing the changesets effectively prevents identity theft since the thief does not have the private key of the identity he wants to steal, thereby he cannot sign the commit.