Git日志历史记录 [英] Git Log History
问题描述
对于版本控制来说很重要的一件事是知道谁做出了什么改变。如果事情发生了变化,我不知道为什么要做出改变,我会查看历史并询问进行改变的人。在我探索git的时候,有一件事让我对这个功能感到有点紧张,那就是仿冒很容易。什么阻止我把同事的名字/电子邮件放入git全局配置文件中的user.name和user.email?当使用gitosis / gitolite(它定义了用户)或github(我假设使用gitosis / gitolite之类的东西)时,是否有任何wyy来查看谁真的做出了提交? gitolite日志(在 .gitolite / logs / gitolite - * 中)每个推送的Gitolite用户。确定引入特定提交的推送还有一些工作要做,但它应该是直接的(单向:在每次推送的末端放置轻量级标签,然后使用 git name-rev
大多数Gitolite用户可能只有一个与它们关联的SSH密钥( keydir / user.pub ),但单个用户可能拥有多个SSH密钥( keydir / user @ *。pub )。因此,对于基于SSH的Gitolite,您可以将每个提交映射到一个(或多个)SSH密钥。
您是否信任SSH密钥以准确识别某个人是另一个问题(即您是否信任用户保留其私人SSH密钥的安全?)。
Gitolite还可以通过智能HTTP缓解Git访问。在这种情况下,Web服务器在REMOTE_USER环境变量中提供Gitolite用户名(即不是使用 .ssh / authorized_keys 文件来根据SSH密钥标识用户) 。身份验证和身份验证完全取决于Web服务器本身(通常只是一个用户名和密码,但是每个用户的SSL证书可以用来做更像基于SSH的访问)。
因此,对于基于HTTP的Gitolite,您可以将每个提交映射到Web服务器完成的身份验证。
GitHub有一些类似的信息,可以通过事件部分查询<一个href =http://developer.github.com/ =nofollow> GitHub API (以前它似乎只能作为您的监视存储库的Newsfeed条目的一部分)。每个 PushEvent 标识执行推送的GitHub用户,ref的名称(分支)被更新,新引用head(更新分支的新提示)的名称(SHA1散列)和提交列表。
One thing that is important with version control is knowing who made what change. If something was changed and I had no idea why the change was made, I would look in the history and ask the person who made the change. As I am exploring git, one thing that makes me a little nervous about this feature is that it seems really easy to fake. What is stopping me from putting a co-workers name/email in the git global config for user.name and user.email? When using something like gitosis/gitolite (which defined users) or github (which I assume using something like gitosis/gitolite), is there any wyy to see who truly made a commit?
Gitolite logs (in .gitolite/logs/gitolite-*) the Gitolite user for each push. There is a bit more work to determine the push that introduced a particular commit, but it should be straight forward (one way: drop light-weight tags at the tip of each push, then use git name-rev to find the first tag after the commit).
Most Gitolite users probably only have a single SSH key associated with them (keydir/user.pub), but it is possible for a single user to have multiple SSH keys (keydir/user@*.pub).
So, for SSH-based Gitolite, you can map each commit to one (or more) SSH keys.
Whether you trust an SSH key to accurately identify a particular person is another question (i.e. do you trust the users to keep their private SSH keys secure?).
Gitolite can also moderate Git access over "smart HTTP". In that case, the web server supplies the Gitolite username in the REMOTE_USER environment variable (i.e. instead of using the .ssh/authorized_keys file to identify the user based on the SSH key). The identification and authentication is completely up to the web server itself (usually just a username and password, but per-user SSL certificates could be used to do something more like SSH-based access).
So, for HTTP-based Gitolite, you can map each commit to an authentication done by the web server.
GitHub has some similar information and that can be queried through the Events part of the GitHub API (previously it only seemed to be available as part of the "Newsfeed" entries for your watched repositories). Each PushEvent identifies the GitHub user that executed the push, the name of the ref (branch) was updated, the name (SHA1 hash) of the new ref "head" (the new tip of the updated branch), and a list of commits.
这篇关于Git日志历史记录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
