stash and git's

I'm new to stash and git, and I'm likely doing something wrong here.

This has to do with Stash using Git's instead of the Stash username.

a) I created two users in Stash (user1 and user2)

b) I checkout, in two different directories;

git clone http://user1:password@localhost:7990/scm/pick/pickertool.git

git clone http://user2:password@localhost:7990/scm/pick/pickertool.git

(note the user:password format)

c) However, if I set both of the local GIT repostories' to "User" then I see the commits (in stash) as "User" (instead of user1 or user2).

Is this how its supposed to work? Am I doing something wrong?

In this situation, user1 can set their to "user2" and make mask their commits.



2 answers

1 accepted

Hi David,

So if you look at your commits (ie git log) you'll see the user and email address of what is set locally. As you point out user2 can absolutely "fake" the user details if they so desire. It's important to note that Stash doesn't (yet) map the Git email/author names to anything in Stash, it might appear like we are because we're using Gravatar, but that's it. This is certainly something we will implement and you may be interested in voting on the following:

But that doesn't address the problem of impersonation, something that is much harder to solve. You may be interested in this:

There is a plugin mentioned on that ticket that enforces that when you push all the commits much contain an email address that matches the user who is pushing. I need to warn you that this works in simple workflows, but if you ever start forking with feature branches involving multiple people you will eventually run into the situation where you can't push because you be trying to push someone else's commits, and there is nothing you will be able to do. Enforcing security in a DVCS (distributed) world is tricky.

Does that help?


Hi, Charles,

That explains what's happening - thanks for for the reply and the links (I voted both issues).



Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

1,739 views 1 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you