Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Smart Commit Warning

Prantar Bora
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 16, 2016

Hi,

We want to enable smart commits in Crucible so that users can directly transition issues in the linked project in JIRA or create review while committing. 

However we have seen the following warning while enabling smart commits in Crucible administration.-- "When using Git or Mercurial, it is possible to commit under any username. Ensure you can fully trust your committers when using those systems."

Our repositories are hosted in Bitbucket and most users use Git clients.

Could some please suggest what exactly this means and what implications this could have ? For e.g. can a user who is having permission to commit in Stash but no permissions in the JIRA project be able to transition an issue while committing?


Thanks,

1 answer

1 accepted

1 vote
Answer accepted
Vitalii Petrychuk
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 23, 2016

This means that UserA can modify his git config settings in the next way:

Then using Smart Commits he can perform all possible operations as UserB (if UserB is authenticated with JIRA Software).

Lance Milleson September 19, 2019

This sounds like a horrible security issue!

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events