I'm new at GitHub and I've noticed that GitHub allows to commit under any user's data (and submit pull requests under my account using commits made with "fake" users data). For example, I am able to set my user.name and user.email and pretend that I'm another user, and GitHub will automatically link this user name to the original owner of the e-mail address, while actually that person didn't commit anything and didn't give any permissions to commit using his/her pesonal data. I'm quite lost, cause I have no idea how to prevent this. Not only I can use another's data, but people also can use mine. Can anyone please clarify this for me?
How to Commit Under Another User on GitHub
github
Related Topic
- On GitHub “Network” page, how to center on last commit (not just last commit to master)
- Why doesn’t GitHub update the contributions section when I commit
- GitHub Issues – Use of ‘User Referenced This Issue from a Commit’
- “Pin” link to commit reference from generic tree reference on GitHub
- GitHub Enterprise – Why Do I Show Up as Two Users in Reports?
- GitHub – Get Stable Commit-Specific Line-Link
- GitHub – How GitHub Determines the First Commit Date of a File
Best Answer
Each git commit contains author information as plain text (call it the commiter or the author). This data is filled from git config or from command line at commit time and can be faked because it can not be verified in any way.
Each git server accepts to receive git objects (including commit git-objects) from all write-enabled registered users. Those registered users push their work to the server (with commit author matching their name) as well as the contributed work of anyone which authorship is kept (commit author still matching real author).
Having core developers to accept commits from any contributor (sent as pull request, or by email for example) and push their contributed work mainline is a common git workflow in open-source projects.
Git does not permit the use of someone else's data but rather the use of its identity in commit author fields, yes. Hooks can be set on server-side to reject those commits but I never heard about such bad idea which denies the opportunity to keep root author names.