Who created a branch - reflog

Who created a branch - reflog

[Miklos Vajna]

[-- Attachment #1: Type: text/plain, Size: 653 bytes --]

Hi,

We have a repo where multiple users have push access, they access the
repo via ssh. Now let's say one of the developers ("A") accidently create a
branch named "foo" in the shared repo. Of course the tip of "foo" may
not point to a commit authored by "A".

IIRC reflogs could be used in that case when the push is done via http,
as the HTTP username is recorded in the reflog, so we can know who to
blame.

Unfortunately - as far as I see - this is not true for ssh, there simply
the author of the tip commit is used.

Have I missed something? Would it be possible to have the username of
the user in the reflog, even when pushing via ssh?

Thanks.

[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

Re: Who created a branch - reflog

[Shawn Pearce]

On Tue, Mar 8, 2011 at 06:38, Miklos Vajna <vmiklos@frugalware.org> wrote:
> We have a repo where multiple users have push access, they access the
> repo via ssh. Now let's say one of the developers ("A") accidently create a
> branch named "foo" in the shared repo. Of course the tip of "foo" may
> not point to a commit authored by "A".
>
> IIRC reflogs could be used in that case when the push is done via http,
> as the HTTP username is recorded in the reflog, so we can know who to
> blame.
>
> Unfortunately - as far as I see - this is not true for ssh, there simply
> the author of the tip commit is used.
>
> Have I missed something? Would it be possible to have the username of
> the user in the reflog, even when pushing via ssh?

reflog identity entries are derived from GIT_COMMITTER_NAME and
GIT_COMMITTER_EMAIL in the environment at the time that the log event
takes place. If these aren't set, they are derived from the current
user's gecos, or from $GIT_DIR/config or ~/.gitconfig as the
user.name/user.email variables.

Perhaps over SSH one of these is triggering for a user, allowing the
user to fill in their own identity... or someone else's. If you want
to enforce an identity you should set these environment variables on
the SSH server side before invoking git-receive-pack, perhaps by way
of a forced SSH command the way gitosis or gitolite is installed.

-- 
Shawn.

Re: Who created a branch - reflog

[Miklos Vajna]

[-- Attachment #1: Type: text/plain, Size: 938 bytes --]

On Tue, Mar 08, 2011 at 06:57:38AM -0800, Shawn Pearce <spearce@spearce.org> wrote:
> reflog identity entries are derived from GIT_COMMITTER_NAME and
> GIT_COMMITTER_EMAIL in the environment at the time that the log event
> takes place. If these aren't set, they are derived from the current
> user's gecos, or from $GIT_DIR/config or ~/.gitconfig as the
> user.name/user.email variables.
> 
> Perhaps over SSH one of these is triggering for a user, allowing the
> user to fill in their own identity... or someone else's. If you want
> to enforce an identity you should set these environment variables on
> the SSH server side before invoking git-receive-pack, perhaps by way
> of a forced SSH command the way gitosis or gitolite is installed.

Then once I'm sure the users can't alter their identity on the server,
the same can be achieved using ssh as with http.

Great, that's exactly what I was needed. :)

Thanks!

[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]