(resending previous response. Forgot to turn off HTML, and apprently
gmail doesn't wrap lines automatically anymore?)

On 31 January 2013 16:52, Scott Yan <scottya...@gmail.com> wrote:
> The user info of git client (user name and email) is set by the users
> themselves, so , how to avoid userA pretend to be userB?
> Git server could authentication the user, but it do nothing about the
> user info of commit message.

The simplest thing is to have the server reject commits that have the
'committer' set to someone other then the  authenticated user.

Of course, there are potential workflows that this would cause problems
for, such as if you sync directly to another user's repository and then try
and push those to a central server.

The most robust system would probably involve using signed tags to
verify what is being pushed, however I am not aware of any set-ups that
have done this yet.


Andrew Ardill
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to