Have stash show the actual person who pushed the commit

Thomas Ferrell April 10, 2014

Is there a way to have Stash show the actual person who pushed a set of commits to a server instead of having the commit log on the web just show the author? I'm thinking that theoretically someone could spoof their .gitconfig file with another person's name as the author and when committing would make the commit look like it was from another user.

3 answers

0 votes
Thomas Ferrell April 10, 2014

Thanks Cathy. I up-voted your issue as well.

0 votes
Cathy Sanders April 10, 2014

We don't want to necessarily prevent a user from pushing commits that they did not author, but do need to keep audit trail information regarding who pushed a set of commits. I actually also asked a question here yesterday to see if someone has a better solution for keeping the audit trail (https://answers.atlassian.com/questions/282795/stash-audit-log-for-push-events). I submitted an issue to ask for a change in priority of the push event so we do not have to set logging to low to capture those events (https://jira.atlassian.com/browse/STASH-4587). Please feel free to add your input as well as it seems like we are looking for that same ability to be able to make sure we are tying commits to who performed the actual push to Stash.

0 votes
Thomas Ferrell April 10, 2014

I see some activity around this issue here: https://jira.atlassian.com/browse/STASH-2642.

Also, I tried the plugin called Enforce Author Hook, but I'm still able to push changes with a different .gitconfig user/email than the actual user associated with the ssh profile of the Stash account.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events