I recently set up a Mercurial hosting solution myself, and noticed that there is no audit trail of who had been writing to the "master" clone. There are commit messages, but they could be fake (even misleading to a different committer). The threat I'm concerned about is that of a stolen SSH key. If that is abused to push suspicious changes into the repository, it is really difficult to find out whose key had been used. The solution I came up with is to define an "incoming" hook on the repository which will log the SSH user along with the pack ID of the pack being pushed. I'd like to propose that a similar hook is installed on repositories hosted at hg.python.org (unless Mercurial offers something better already). Whether or not this log should be publicly visible can be debated; IMO it would be sufficient if only sysadmins can inspect it in case of doubt. Alterntively, the email notification sent to python-checkins could could report who the pusher was. Dirkjan: if you agree to such a strategy, please mention that in the PEP. Regards, Martin