maxmelbin
Reputation: 2095
how to block false user name and email in commits
i want to block those commits in the server which has false user name and email. The authentication is via ssh. It is currently posible for me to update the config user.name and user.email to something other than mine and still commit and push to central repo. The history now shows wrong information about committer. Any ideas, how we can prevent this?
Upvotes: 2
Views: 801
Answers (2)
spuder
Reputation: 18447
Emails and usernames can be spoofed.
The best way would be to sign the commits with a gpg key.
https://phreaknerd.wordpress.com/2012/02/09/signing-git-commits-with-your-gpg-key/
gpg --list-keys
git config --global user.signingkey 123ABC89
git commit -S
Upvotes: 2
manojlds
Reputation: 301177
You will need to associated the ssh key with an email and deny commits that have a different email.
Upvotes: 2
Related Questions
- Any way to guarantee that a git user doesn't use fake account info when commiting and pushing?
- Disable Git Global Username and Email
- How can I prevent Git from using an email of the form username@pc-name instead of an empty one?
- How to disable Git auto-detecting email address?
- How to prevent author of Git commit from being changed
- How do I make git block commits if user email isn't set?
- Prevent people from pushing a git commit with a different author name?
- Block and/or Identify Fake author name/email in GIT
- How can I deny a commit, in a client-side hook, if the user name/email is incorrect?
- How can I update the usernames/emails in Git commits?