Pseudonymous commits

Pseudonymous commits

[Mike.lifeguard]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Git gives attribution by a "name" and an "email" - however several
contributors I work with are uncomfortable giving that information. I
can easily use a pseudonym (I do so for myself), but is there any way to
not have an email? Or shall I just use "not@real.email"?

While on the subject, I'm curious why name+email was decided upon for
attribution, instead of name + optional-email + optional-URL or
something that might provide additional information or useful metadata.

Thanks,
- -Mike

PS, I still have a question about git-svn & splitting repos with
filter-branch under subject "dcommit-ing from a split repo"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkuq3zQACgkQst0AR/DaKHsDZQCgxitnecj1I6NMDIindJuQna/u
AoUAoNlYAQKHYx5PGYNY3MaeiKXh49qa
=etTo
-----END PGP SIGNATURE-----

Re: Pseudonymous commits

[Theodore Tso]

On Mar 24, 2010, at 11:57 PM, Mike.lifeguard wrote:
> 
> Git gives attribution by a "name" and an "email" - however several
> contributors I work with are uncomfortable giving that information. I
> can easily use a pseudonym (I do so for myself), but is there any way to
> not have an email? Or shall I just use "not@real.email"?

Most projects want some kind of way of communicator with their contributors; and some kind of accountability with their contributors.  Otherwise, how do you know whether said contributor isn't a Chinese intelligence agent trying to insert a backdoor into your program by submitting change using techniques demonstrated by the Underhanded C contest[1]?  :-)

[1] http://underhanded.xcott.com/

Of course, someone can easily claim any random name, and it's not hard to get a mail account; you could pick a random name like "Mike Lifeguard", and get a gmail account, for example.  :-)   On the Internet, no one knows whether you are a dog.  (Or a Chinese secret agent.  :-)

But if someone isn't willing to give even an e-mail address, I would think even the most lax project would probably want to think twice about whether to accept patches from this contributor....

-- Ted

Re: Pseudonymous commits

[Mike.lifeguard]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10-03-25 01:39 AM, Theodore Tso wrote:
> How do you know whether said contributor
> isn't a Chinese intelligence agent trying to insert a backdoor into
> your program

Because they are only contributing translations.

Not everyone has important projects like the kernel :)

- -Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkuq6YAACgkQst0AR/DaKHsMcQCgnm5/RfxlTNC0+0Mrw2jtgjez
IgsAn117HtEZyf1XX88HR9vbSxZiTkQI
=1Kx1
-----END PGP SIGNATURE-----

Re: Pseudonymous commits

[Kris Shannon]

Accountability for translations is even more important because review is
usually a LOT harder.

On 25 March 2010 15:41, Mike.lifeguard <mike.lifeguard@gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10-03-25 01:39 AM, Theodore Tso wrote:
>> How do you know whether said contributor
>> isn't a Chinese intelligence agent trying to insert a backdoor into
>> your program
>
> Because they are only contributing translations.
>
> Not everyone has important projects like the kernel :)
>
> - -Mike
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkuq6YAACgkQst0AR/DaKHsMcQCgnm5/RfxlTNC0+0Mrw2jtgjez
> IgsAn117HtEZyf1XX88HR9vbSxZiTkQI
> =1Kx1
> -----END PGP SIGNATURE-----
> --
> To unsubscribe from this list: send the line "unsubscribe git" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Re: Pseudonymous commits

[Mike.lifeguard]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10-03-25 01:54 AM, Kris Shannon wrote:
> Accountability for translations is even more important because review is
> usually a LOT harder.

I didn't say the translations weren't reviewed, or the translators were
unaccountable. They are in both cases.

In any case, is the answer "git can't do that" or not? Because that's
actually the answer I'm interested in.

Thanks,
- -Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkuq7fcACgkQst0AR/DaKHvjLwCgxLt0Nf7a6u1s15hgtqOpAWAm
mRcAoKnax9/54hbNXpGHlvMYRrwTj85C
=4ele
-----END PGP SIGNATURE-----

Re: Pseudonymous commits

[Avery Pennarun]

On Thu, Mar 25, 2010 at 1:00 AM, Mike.lifeguard
<mike.lifeguard@gmail.com> wrote:
> On 10-03-25 01:54 AM, Kris Shannon wrote:
>> Accountability for translations is even more important because review is
>> usually a LOT harder.
>
> I didn't say the translations weren't reviewed, or the translators were
> unaccountable. They are in both cases.

I think the point is that if you don't even have contact information
for them, they can't *really* be accountable.  But of course that's up
to you.

> In any case, is the answer "git can't do that" or not? Because that's
> actually the answer I'm interested in.

Every committer (and author) in git has a (nonempty, I think) name and
an email address, and that's how you identify the committer (and
author).  What you do with those fields is between you and your
project maintainer.

Have fun,

Avery

Re: Pseudonymous commits

[Alex Riesen]

On Thu, Mar 25, 2010 at 06:00, Mike.lifeguard <mike.lifeguard@gmail.com> wrote:
> In any case, is the answer "git can't do that" or not? Because that's
> actually the answer I'm interested in.

git commit --author "I am not Mike Lifeguard <mike.lifeguard@gmail.com>"

Re: Pseudonymous commits

[Santi Béjar]

On Thu, Mar 25, 2010 at 6:00 AM, Mike.lifeguard
<mike.lifeguard@gmail.com> wrote:
> In any case, is the answer "git can't do that" or not? Because that's
> actually the answer I'm interested in.

Git uses the author/committer info for diferent things. First, it is a
unique identifier (name+email); second it is used when dealing with
mails (in and out mails).

If you don´t use email (for review, or contributions) you can build
the identifier as you want without the need to be name and email, it
is up to the project. For my private projects I use name=Santi
email=santi, so the author/committer info is "Santi <santi>" and I
haven´t found problems. Note that I don´t send/reveive emails to
contribute, just fetch and push. Maybe it would be better to use a
user.email that resemble an email, with @ and such.

HTH,
Santi

Re: Pseudonymous commits

[Nicolas Pitre]

On Thu, 25 Mar 2010, Mike.lifeguard wrote:

> On 10-03-25 01:39 AM, Theodore Tso wrote:
> > How do you know whether said contributor
> > isn't a Chinese intelligence agent trying to insert a backdoor into
> > your program
> 
> Because they are only contributing translations.

Just take over authorship of the patch yourself then.

Or pick a generic email address such as the translator's mailing list 
email address or the like.


Nicolas

Re: Pseudonymous commits

[Mike.lifeguard]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the end, I managed to convince them they wouldn't be spammed (hope
I'm right), and I used their real emails. Nonetheless, I appreciate the
help.

If you're still in the helping mood (and know what you're talking
about), I'm still looking for help with a case where an SVN repo is
split into separate git repositories & being unable to dcommit changes
back to SVN. The archived email is:
http://article.gmane.org/gmane.comp.version-control.git/142654

Thanks,
- -Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkuruNwACgkQst0AR/DaKHsN/QCg2wyWwps6FEibNlBI5hlf9Fwd
ODcAoKkcjpxNkPrVxlT690F2znoAUzlU
=rkB8
-----END PGP SIGNATURE-----

Re: Pseudonymous commits

[Nicolas Pitre]

On Thu, 25 Mar 2010, Mike.lifeguard wrote:

> In the end, I managed to convince them they wouldn't be spammed (hope
> I'm right), and I used their real emails. Nonetheless, I appreciate the
> help.

Oh, if your project is public and accessible through gitweb then 
spammers will certainly scan it and pick up their email addresses.  
Maybe some of them might even go as far as cloning Git repositories just 
for that purpose.  Only local spam filtering may help in that case.

> If you're still in the helping mood (and know what you're talking
> about), I'm still looking for help with a case where an SVN repo is
> split into separate git repositories & being unable to dcommit changes
> back to SVN. The archived email is:
> http://article.gmane.org/gmane.comp.version-control.git/142654

I know a little about Git, but not git-svn.  Someone else will have to 
help you with that one.


Nicolas

Re: Pseudonymous commits

[Chris Packham]

On Thu, Mar 25, 2010 at 1:14 PM, Nicolas Pitre <nico@fluxnic.net> wrote:
> On Thu, 25 Mar 2010, Mike.lifeguard wrote:
>
>> In the end, I managed to convince them they wouldn't be spammed (hope
>> I'm right), and I used their real emails. Nonetheless, I appreciate the
>> help.
>
> Oh, if your project is public and accessible through gitweb then
> spammers will certainly scan it and pick up their email addresses.
> Maybe some of them might even go as far as cloning Git repositories just
> for that purpose.  Only local spam filtering may help in that case.
>

Sounds like it'd be a really good option to have in gitweb to
obfuscate email addresses a-la gmane and practically every other web
based mailing list/news reader. Could be fairly low hanging fruit with
a decent payoff (not that I'm volunteering). Can't do much about clone
and spam.

Re: Pseudonymous commits

[Jakub Narebski]

Nicolas Pitre <nico@fluxnic.net> writes:

> On Thu, 25 Mar 2010, Mike.lifeguard wrote:
> 
> > On 10-03-25 01:39 AM, Theodore Tso wrote:
> > > How do you know whether said contributor
> > > isn't a Chinese intelligence agent trying to insert a backdoor into
> > > your program
> > 
> > Because they are only contributing translations.
> 
> Just take over authorship of the patch yourself then.
> 
> Or pick a generic email address such as the translator's mailing list 
> email address or the like.

In the case of translations one cal use generic "language team"
mailing list, i.e. <LL@li.org> (where LL is ISO code of language,
e.g. 'de@li.org' for translations to German, etc.).

-- 
Jakub Narebski
Poland
ShadeHawk on #git