Is there a way to have Stash show the actual person who pushed a set of commits to a server instead of having the commit log on the web just show the author? I'm thinking that theoretically someone could spoof their .gitconfig file with another person's name as the author and when committing would make the commit look like it was from another user.
We don't want to necessarily prevent a user from pushing commits that they did not author, but do need to keep audit trail information regarding who pushed a set of commits. I actually also asked a question here yesterday to see if someone has a better solution for keeping the audit trail (https://answers.atlassian.com/questions/282795/stash-audit-log-for-push-events). I submitted an issue to ask for a change in priority of the push event so we do not have to set logging to low to capture those events (https://jira.atlassian.com/browse/STASH-4587). Please feel free to add your input as well as it seems like we are looking for that same ability to be able to make sure we are tying commits to who performed the actual push to Stash.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I see some activity around this issue here: https://jira.atlassian.com/browse/STASH-2642.
Also, I tried the plugin called Enforce Author Hook, but I'm still able to push changes with a different .gitconfig user/email than the actual user associated with the ssh profile of the Stash account.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.