Is there a way to have Stash show the actual person who pushed a set of commits to a server instead of having the commit log on the web just show the author? I'm thinking that theoretically someone could spoof their .gitconfig file with another person's name as the author and when committing would make the commit look like it was from another user.
I see some activity around this issue here: https://jira.atlassian.com/browse/STASH-2642.
Also, I tried the plugin called Enforce Author Hook, but I'm still able to push changes with a different .gitconfig user/email than the actual user associated with the ssh profile of the Stash account.
We don't want to necessarily prevent a user from pushing commits that they did not author, but do need to keep audit trail information regarding who pushed a set of commits. I actually also asked a question here yesterday to see if someone has a better solution for keeping the audit trail (https://answers.atlassian.com/questions/282795/stash-audit-log-for-push-events). I submitted an issue to ask for a change in priority of the push event so we do not have to set logging to low to capture those events (https://jira.atlassian.com/browse/STASH-4587). Please feel free to add your input as well as it seems like we are looking for that same ability to be able to make sure we are tying commits to who performed the actual push to Stash.
Free training for Jira, Confluence, and Jira Service Management Start faster and be more productive with Atlassian cloud products. Take the guess work out of where to begin, and gain confidence wi...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events