[Python-Dev] PEP 385: Auditing

"Martin v. Löwis" martin at v.loewis.de
Sat Feb 13 12:53:12 CET 2010


I recently set up a Mercurial hosting solution myself, and noticed that
there is no audit trail of who had been writing to the "master" clone.
There are commit messages, but they could be fake (even misleading to a
different committer).

The threat I'm concerned about is that of a stolen SSH key. If that is
abused to push suspicious changes into the repository, it is really
difficult to find out whose key had been used.

The solution I came up with is to define an "incoming" hook on the
repository which will log the SSH user along with the pack ID of the
pack being pushed.

I'd like to propose that a similar hook is installed on repositories
hosted at hg.python.org (unless Mercurial offers something better
already). Whether or not this log should be publicly visible can be
debated; IMO it would be sufficient if only sysadmins can inspect it in
case of doubt.

Alternatively, the email notification sent to python-checkins could
report who the pusher was.

Dirkjan: if you agree to such a strategy, please mention that in the PEP.

Regards,
Martin
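The hook described in the post, written out as an added example (this is not Martin's code, nor anything from Mercurial or the hg.python.org setup). It assumes a Mercurial `incoming` hook receives the pushed changeset as `node` plus `source` and `url`, which is how Mercurial passes in-process Python hook arguments; the environment variable names `HG_AUDIT_USER` (set by a per-key forced-command wrapper on the SSH account) and `HG_AUDIT_LOG`, and the log path, are assumptions of the example. `find_pusher` is the "inspect in case of doubt" step: given a changeset ID, it answers whose key pushed it.

```python
"""Audit hook for Mercurial pushes: one JSON line per arriving changeset,
naming the SSH user, so a suspicious push can be traced back to a key.

Assumed wiring (not from the original post), in the served repository's
.hg/hgrc:

    [hooks]
    incoming.audit = python:/srv/hooks/hg_audit.py:audit_hook
"""
import json
import os
import time


def push_record(user, node, source, url, now=None):
    """Build one audit-log line as a JSON object (sorted keys for grep-ability)."""
    return json.dumps({
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now)),
        "user": user,
        "node": node,
        "source": source,   # "serve" for a push into a served repo, "pull" for a pull
        "url": url,         # remote path as Mercurial reports it
    }, sort_keys=True)


def record_push(log_path, node, source=None, url=None, environ=None):
    """Append an audit line for changeset `node` and return the line written.

    The user comes from HG_AUDIT_USER (assumed to be set by a forced-command
    wrapper tied to the SSH public key), falling back to the login name.
    """
    env = os.environ if environ is None else environ
    user = env.get("HG_AUDIT_USER") or env.get("USER") or "unknown"
    line = push_record(user, node, source, url)
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(line + "\n")
    return line


def audit_hook(ui, repo, hooktype, node=None, source=None, url=None, **kwargs):
    """Mercurial entry point: `incoming` fires once per changeset that arrives."""
    log_path = os.environ.get("HG_AUDIT_LOG", "/var/log/hg-audit.log")
    record_push(log_path, node, source, url)
    return False  # False means success; the return value of post-hooks is ignored anyway


def find_pusher(log_path, node):
    """Look up which user's key pushed `node` (full or abbreviated hash)."""
    prefix = node[:12]
    with open(log_path, encoding="utf-8") as fh:
        for raw in fh:
            rec = json.loads(raw)
            if rec["node"].startswith(prefix):
                return rec["user"]
    return None
```

Because `incoming` runs per changeset, a push of many changesets produces many lines with the same user and timestamp; a `changegroup` hook would fire once per push instead, but then only the first changeset ID is handed to the hook, so the per-changeset log is the more useful one when tracing a single bad commit. The log file must be writable only by the hook's service account, otherwise the same stolen key could edit the trail it just left.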
