Is there a way to have Stash show the actual person who pushed a set of commits to a server instead of having the commit log on the web just show the author? I'm thinking that theoretically someone could spoof their .gitconfig file with another person's name as the author and when committing would make the commit look like it was from another user.
I see some activity around this issue here: https://jira.atlassian.com/browse/STASH-2642.
Also, I tried the plugin called Enforce Author Hook, but I'm still able to push changes with a different .gitconfig user/email than the actual user associated with the ssh profile of the Stash account.
We don't want to necessarily prevent a user from pushing commits that they did not author, but do need to keep audit trail information regarding who pushed a set of commits. I actually also asked a question here yesterday to see if someone has a better solution for keeping the audit trail (https://answers.atlassian.com/questions/282795/stash-audit-log-for-push-events). I submitted an issue to ask for a change in priority of the push event so we do not have to set logging to low to capture those events (https://jira.atlassian.com/browse/STASH-4587). Please feel free to add your input as well as it seems like we are looking for that same ability to be able to make sure we are tying commits to who performed the actual push to Stash.
I’m Jess, a Product Marketer for Jira Software Server and Data Center, and now a huge fan of our products. Read on for a 90 day, new-hire perspective on what it’s like to standardize on the Atlassian...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs