jgravois
commented
8 years ago i'll just leave this here: https://blog.erincall.com/p/signing-your-git-commits-with-gpg
Closed palaiya closed 8 years ago
jgravois
commented
8 years ago i'll just leave this here: https://blog.erincall.com/p/signing-your-git-commits-with-gpg
When we push some changes to the repository. It prompts for the username and password. After entering correct credentials. Your changes are pushed to the repository. But in the commitlogs it shows the username corresponding to the email id mentioned in the .gitconfig file. If exists otherwise if username for the particular email id doesn't exist. It shows the username mentioned in the .gitconfig file. So, anyone can spoof the username and email id and can push the changes to the repository. And in the commit log you will see the username of the person would be different than the person who pushed the changes.