Mercurial authenticated pushing problem


We have a central repository served via HTTP on Apache with digest authentication for two users, 'One' and 'Two'.

User 'One' can do:

    hg commit -uTwo -mText
    hg push http://central-repo/hg/project

How can we prevent that kind of faking on the central repository?
Or how can we know who made that push to the central repository?

Best Solution

You can install a pushlog extension to keep track of who pushes what. See the Mozilla hgpoller repo for the pushlog extension they use (they have a separate set of templates as well). An alternative solution would be to write a hook to deny pushing changesets authored by someone other than the authenticating user. Since that can also be a very valid scenario, the pushlog solution might be best.
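
A sketch of the hook approach mentioned in the answer, added here as an example and not taken from the original answer or from the Mozilla pushlog code. It assumes pushes reach the central repository only through hgweb behind Apache authentication, and that the name before `<email>` in a commit's username equals the server login; the module name `authorcheck` and its function names are hypothetical.

```python
# Added example: in-process Mercurial hook for the central repository.
# Enable in the repository's .hg/hgrc (the path is a placeholder):
#   [hooks]
#   pretxnchangegroup.authorcheck = python:/path/to/authorcheck.py:hook
from urllib.parse import unquote


def remote_user(url):
    """Return the HTTP-authenticated login from the hook's url argument.

    hgweb passes b'remote:<scheme>:<client-ip>:<url-quoted REMOTE_USER>'.
    """
    if isinstance(url, bytes):
        url = url.decode("utf-8", "replace")
    parts = (url or "").split(":")
    if len(parts) == 4 and parts[0] == "remote" and parts[1].startswith("http"):
        return unquote(parts[3]) or None
    return None


def author_login(author):
    """Assumed convention: the name before '<email>' is the server login."""
    if isinstance(author, bytes):
        author = author.decode("utf-8", "replace")
    return author.split("<", 1)[0].strip()


def foreign_changesets(login, changesets):
    """Return the (short_hash, author) pairs not authored by `login`."""
    return [(h, a) for h, a in changesets if author_login(a) != login]


def hook(ui, repo, node=None, url=None, **kwargs):
    """pretxnchangegroup hook: a true return value rolls the push back."""
    login = remote_user(url)
    if login is None:
        # Assumption: anything not authenticated over HTTP is refused.
        ui.warn(b"authorcheck: push is not HTTP-authenticated, rejecting\n")
        return True
    first = repo[node].rev()  # node is the first incoming changeset
    incoming = [(repo[r].hex()[:12], repo[r].user())
                for r in range(first, len(repo))]
    bad = foreign_changesets(login, incoming)
    for short, author in bad:
        ui.warn(b"authorcheck: %s authored by %s, pushed by %s\n"
                % (short, author, login.encode("utf-8")))
    return bool(bad)
```

With this hook in place, the push from the question is rolled back because the changeset's author `Two` does not match the authenticated login `One`. It also blocks legitimate pushes of other people's changesets (merges, pulled work), which is the trade-off the answer points out.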