如何区分恰好具有相同配置的两个git用户? [英] How to differentiate two git users who happen to have the same config?
问题描述
git config user.name
是完全相同的,但是它们的公钥是不同的。如果其中一人提交了,是否有办法告诉他们哪一个提交了?
解决方案灵感来自@ Torek的评论。事实上,有可能使用PGP标志,并期望每个开发者访问回购的使用情况。 PGP签名应该是唯一的每个用户,据我所知,它可以非常安全,因为它使用混合加密。如果用户使用公钥密码术签署他们的提交,那么他们可以被识别即使他们的名字和电子邮件看起来是相同的,所述公钥也是如此。更多信息此处和这里。
编辑:
在实践中,大多数项目似乎只签署附加了注释的标签(使用相同的加密签名方法)以发布版本,然后依靠 Merkle tree 结构的标签 - >提交 - >(一切)使用它来覆盖发布版本和所有历史导致到那一点。
@torek,2016-09-06
Let us suppose that there are two different git users, U1 and U2. Let's suppose further that they have the same config, for example their
git config user.name
is the very same, but their public key is different. If one of them makes a commit, is there a way to tell which one of them made that commit?
This answer was inspired by @Torek's comments. In fact, there is a possibility to use PGP sign and expect its usage of every developer accessing the repo. The PGP signature should be unique per user and as far as I understand, it can be pretty secure, as it uses a hybrid encryption. If the users use public-key cryptography to sign their commits, then they can be identified by the said public key even if their name and email appears to be equal. More info here and here.
EDIT:
"in practice, most projects seem to sign only annotated tags (using the same encrypted signature methods) attached to release version and then rely on the Merkle tree structure of tag->commit->(everything) to use that to cover the release version and all history leading up to that point."
@torek, 2016-09-06
这篇关于如何区分恰好具有相同配置的两个git用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
