Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Who really made a commit?

Richard Blewett
Richard Blewett August 8, 2017

I've been playing about with the command line pushing commits into a repo. The repo is private and therefore I need to authenticate with either HTTPS or SSH - I get the same following behavior either way.

It appears, despite authenticating, that I can chose to commit using any identity I want simply by changing the user.email config setting. If I change it to a colleagues email address the commit appears to have been made by him.

Am I missing a repo setting that forces the commit to be under the authenticated user's identity? As it stands things appear to be pretty broken from an audit point of view.

Answer
Watch
Like Be the first to like this
624 views

1 answer

0 votes
Christian Glockner
Christian Glockner
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 9, 2017

Hi Richard,

That is how git works in principle. In Bitbucket Server you can enable the Verify Committer post-receive hook that verifies that the committer is the user pushing see Using repository hooks.

In addition, starting with Bitbucket Server 5.1 we offer GPG signed commits, giving you additional layer of authentication - see the Bitbucket Server 5.1 release notes for details.

Cheers,

Christian

Premier Support Engineer

Atlassian

View More Comments
Richard Blewett
Richard Blewett August 9, 2017

Thanks for the response Christian

So is this a feature I can enable in my repos on Bitbucket in the cloud or would I need to go on-premise?

Like
Christian Glockner
Christian Glockner
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 9, 2017

Hi Richard,

I'm not an expert on Bitbucket Cloud, but from what I understand that is a feature that's only available on Bitbucket Server.

Cheers,

Christian

Premier Support Engineer

Atlassian

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events