You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 5, 2018. It is now read-only.
By design, each git commit carries the email of its author, and nothing prevents you from forging a commit that pretends to be from someone else.
When working on group projects, this might be problematic. Even if all students have the rights to modify anything, by changing their email address they can break stuff and blame it on somebody else. Now, the chances of this happening on purpose are really low, and the solution to this resides more on the social aspects of source control than on the technical ones, but still...
I am wondering if I can access the "push log" of a github repository, in order to check who sent which commit to the server.
The other option I am aware of is signing commits with an ssh key, but I don't think it would work with the built-in git integration of visual studio we are currently using (which is really convenient because it is dead simple, so I'd like to keep it that way). And also, if the repository can't be configured to reject unsigned commits this won't help much (I have to confess I have no idea if that is possible with github).
Any idea? Thanks.
The text was updated successfully, but these errors were encountered:
Even if you could access the push log, it doesn't necessarily mean much. Since git is decentralized, they could merge from each other's repositories (eg more than one remote repository), at which point, whichever repo you have the push-log of becomes only a subset of the history.
Hi all,
By design, each git commit carries the email of its author, and nothing prevents you from forging a commit that pretends to be from someone else.
When working on group projects, this might be problematic. Even if all students have the rights to modify anything, by changing their email address they can break stuff and blame it on somebody else. Now, the chances of this happening on purpose are really low, and the solution to this resides more on the social aspects of source control than on the technical ones, but still...
I am wondering if I can access the "push log" of a github repository, in order to check who sent which commit to the server.
The other option I am aware of is signing commits with an ssh key, but I don't think it would work with the built-in git integration of visual studio we are currently using (which is really convenient because it is dead simple, so I'd like to keep it that way). And also, if the repository can't be configured to reject unsigned commits this won't help much (I have to confess I have no idea if that is possible with github).
Any idea? Thanks.
The text was updated successfully, but these errors were encountered: