how to block false user name and email in commits
i want to block those commits in the server which has false user name and email.
The authentication is via ssh. It is currently posible for me to update the config user.name and user.email to something other than mine and still commit and push to central repo. The history now shows wrong information about committer.
Any ideas, how we can prevent this?
2 Solutions collect form web for “how to block false user name and email in commits”
You will need to associated the ssh key with an email and deny commits that have a different email.
Emails and usernames can be spoofed.
The best way would be to sign the commits with a gpg key.
gpg --list-keys git config --global user.signingkey 123ABC89 git commit -S