From: Aaron Schrab <aaron@schrab.com>
To: "brian m. carlson" <sandals@crustytoothpaste.net>,
	Shreya Malviya <shreya.malviya@gmail.com>,
	git@vger.kernel.org
Subject: Re: Question: Setting the Email Address in ~/.gitconfig
Date: Fri, 12 Jun 2020 20:16:54 -0400
Message-ID: <20200613001654.GA190001@pug.qqx.org>
In-Reply-To: <20200611225216.GZ6569@camp.crustytoothpaste.net>

At 22:52 +0000 11 Jun 2020, "brian m. carlson" <sandals@crustytoothpaste.net> wrote:
>On 2020-06-11 at 21:25:45, Shreya Malviya wrote:
>> My question:
>> It would be much easier if git didn't allow changing the email address
>> so easily. Why hasn't git implemented OAuth, or something of that
>> sort, for every time that the email address is changed in
>> ~/.gitconfig, yet?
>
>This is a local configuration file, so asking someone to implement OAuth
>to change a local configuration file wouldn't be helpful.  Many Git
>servers are, for example, SSH only, and so OAuth isn't even a
>possibility.

Beyond that, even if git *did* somehow provide strong authentication of 
the configured email address for commits, it's open source software so 
people could still quite easily disable that authentication to spoof 
commits as other people. They could also use some other software 
(possibly that they write themselves) that manipulates a repository 
without doing that authentication.

While the data is entirely on an untrusted system (however you want to 
define trusted), the operator of that system will always be able to 
manipulate that data.

The alternative to this would be to require all commits to be 
cryptographically signed. But, most projects consider that to be too 
much of a burden. After all, that only covers who made the changes, while 
for many things the content of the changes is much more important.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 898 bytes --]
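
An added example, not part of the original message or of git's own code, of the point made above: git records whatever author email the local system supplies, so an audit has to look at each commit's signature status rather than at the address. The repository, names and addresses are constructed, and the function names are hypothetical; it assumes git is on PATH.

```shell
# Added example: audit commits by signature status, not by author email.
# All repositories, names and email addresses below are constructed.

# Print "<status> <short-hash> <author-email>" for each commit in a range.
# %G? is git's signature status: G = good signature, N = no signature,
# B = bad signature; other letters cover expired, revoked or unknown keys.
sig_report() {
  git -C "$1" log --format='%G? %h %ae' "${2:-HEAD}"
}

# Count commits whose status is anything other than "G". This is a strict
# policy: unknown-validity and expired-key signatures count as unverified.
count_unverified() {
  sig_report "$1" "${2:-HEAD}" | awk '$1 != "G" { n++ } END { print n + 0 }'
}

# Build a throwaway repository in which a single operator records two
# different author identities. git stores the strings it is given; nothing
# ties them to the person running the command.
make_demo_repo() {
  demo_repo=$(mktemp -d) || return 1
  git -C "$demo_repo" init -q
  for who in alice bob; do
    echo "$who" >> "$demo_repo/file.txt"
    git -C "$demo_repo" add file.txt
    git -C "$demo_repo" -c user.name="$who" \
        -c user.email="$who@example.com" \
        -c commit.gpgsign=false commit -q -m "change by $who"
  done
  echo "$demo_repo"
}

# Demo run: both commits carry distinct author emails, and both are
# reported with status N because neither is signed.
repo=$(make_demo_repo)
sig_report "$repo"
echo "unverified commits: $(count_unverified "$repo")"
rm -rf "$repo"
```

A project that does require signed commits would run a check like `count_unverified` over the incoming range and reject a non-zero result; the author email column is informational only.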
