GIT作者身份验证 [英] GIT author authentication
问题描述
我们公司正在研究现代化我们的版本控制,通常我们希望使用git。我之前使用过分布式版本控制,但只使用个人项目和开源项目(有某种用户管理的地方)(Google上的Mercurial和LaunchPad上的Bazaar)。如果我们在自己的仓库中使用GIT,我不确定如何验证每个提交的作者。我不是在谈论推送认证,而是为了提交。
因此,让我们说..
1.我克隆回购和检查一个分支。
2.我将我的user.name更改为我的工作人员并进行更改并最终提交。
3.我改变我的用户名和回推(以我的SSH帐户为例)。
4.在那里,我可以把所有的改变归咎于我的同事。
这会是一个问题吗?我们如何解决这个问题?
我确定有些东西在外面,但我想我不是在寻找正确的信息,所以它会非常有帮助如果你们可以给我一些关于这方面的基本概述。
谢谢
您无法规定提交的创建,因为这会发生在每个用户的工作站上,存储在其自己的本地存储库副本中。
您可以执行一些检查挂钩),并要求传入的提交承载连接用户的名称。 然而,这是一个坏主意。
考虑一个用户可能需要重用其他人的工作,但不想合并它。他可能会挑选别人的承诺,或将自己的分支重新分配给自己。在这种情况下,正确的作者信息与原始提交匹配,并且限制传入提交的作者姓名与推送用户的作者姓名相匹配会破坏此工作流程。
只有当它成为问题时,我才会担心。这归结为信任:如果你不信任开发者,为什么他们为你工作?
Our company is looking into modernize our version control and generally we would like to use git. I've use distributed version control before but only with personal project and opensource project (where there is some sort of user management) (Mercurial on Google code and Bazaar on LaunchPad). I am not sure about how can we authenticate author of each commit if we are using GIT on our own repository. I am not talking about the authentication for push but for commit.
So let say .. 1. I clone the repo and check out a branch. 2. I change my user.name to my worker and make changes and finally commit. 3. I change my user.name back and push (with my ssh account for example). 4. There I can blame all the changes to my coworker.
Will this be a problem? How do we get around to tame this problem?
I am sure there is something out there but I guess I am not looking for the right info so it would be very helpful if you guys can give me some basic overview on this.
Thanks
You cannot regulate the creation of commits, since that happens on each user's workstation, in their own local copy of the repository.
You can do some checks (with hooks) in the central repository, and require that incoming commits bear the name of the connecting user. However, this is a bad idea.
Consider the case where one user might need to reuse someone else's work, but doesn't want to merge it. He might cherry-pick someone else's commit, or rebase their branch onto his own. In this case, it is correct that the authorship information match the original commits, and restricting incoming commits to have an author name that matches the user pushing them would break this workflow.
I would worry about this only if it becomes a problem. It comes down to trust: if you don't trust a developer, why do they work for you?
这篇关于GIT作者身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
