All geek questions in one place

How to find the actual committer in git?

Recently, one of my colleagues used my email and name in .gitconfigto push a code in a thread master(ethically wrong, but that was mostly for fun). Since it gittakes the name from config, instead of the actual sshor login, the rest of them see my name in commit.

As a configuration change is easy and does not require authentication / authorization. I want to know if there is a way by which I can distinguish the actual me from the fake me?

Note . My colleague and I have similar rights to click on a repo. In fact, it is the same for all the developers of our team. Most of us use the sshgit push method.

+4
source share
2 answers

In my opinion, your colleague was mistaken when he identified himself as you, no matter what the actions were - he should have been formed as his own named user for the sake of a verification trace.

At the same time - if this user had the correct privileges to push the code to the repo (as his own named user), and there were no hook settings to verify that the incoming commit matches the person performing the push - then I would say no , there is no way to distinguish who committed these commits.

Here is a preliminary trick that will verify that the person pressing the code is also the author specified in the commit.

+2

, , . , . . --gpg-sign git commit: https://git-scm.com/docs/git-commit

0

Source: https://habr.com/ru/post/1677694/

More articles:


All Articles