堆栈内存溢出
  简体   繁体   English

GIT和GitHub-如何确定谁将提交提交到存储库中?

[英]GIT and GitHub - How can I tell who landed a commit into a repository?

 原文  2012-03-20 21:57:06       git/ github/ commit/ author

问题描述

On GitHub: 在GitHub上:

Eve writes some code in her fork of some popular project, commits as "Eve" <eve@example.com> , and sends a pull request upstream. Eve在某个热门项目的分叉中编写了一些代码,提交为"Eve" <eve@example.com> ,并向上游发送拉取请求。

Alice doesn't notice that Eve's code contains a backdoor to the popular project that she works on, thinks the code is great, and merges the pull request. 爱丽丝没有注意到夏娃的代码包含了她所从事的流行项目的后门,认为该代码很棒,并且合并了请求请求。

Later, everyone gets owned. 后来,所有人都拥有了。

Bob, Alice's boss, would like to fire whomever landed the code. 爱丽丝的老板鲍勃(Bob)希望解雇任何找到该密码的人。 He does a git log --full , and sees: 他做了一个git log --full ,并看到: 

commit deadbeef
Author: Eve <eve@example.com>
Commit: Eve <eve@example.com>

git log --fuller doesn't help, and Eve doesn't have direct push rights to the repository. git log --fuller没有帮助,并且Eve没有对存储库的直接推送权限。

Bob can dig around the pull request history, and find it that way, but that sucks. 鲍勃可以挖掘拉取请求的历史记录,并以这种方式找到它,但这很糟糕。 Is there a way to figure this out locally? 有没有办法在本地解决这个问题?

1 个解决方案

解决方案1
 3 已采纳  2012-03-20 22:08:03

In general with git, you could use git signoff (see What is the Sign Off feature in Git for? ) and then add a update hook to reject any pushes that don't have a signoff. 通常,使用git时,您可以使用git signoff(请参阅Git中的Sign Off功能有什么用? ),然后添加一个更新钩子以拒绝没有签名的任何推送。 However, GitHub doesn't seem to allow custom hooks in general, but you could add a post-receive-hook to log all future push events: 但是,GitHub似乎一般都不允许自定义钩子,但是您可以添加一个post-receive-hook来记录所有将来的推送事件:

http://help.github.com/post-receive-hooks/ http://help.github.com/post-receive-hooks/

If this was an event that already happened, it might be hard (or impossible?) to track down. 如果这是已经发生的事件,则可能很难(或不可能?)进行跟踪。 You might be able to look at the git reflog and ssh logs, but I'm not sure whether GitHub provides such information. 您也许可以查看git reflog和ssh日志,但是我不确定GitHub是否提供此类信息。 If it really was a security breach, it might at least be worth asking them what logs they have. 如果确实是安全漏洞,则至少值得询问他们拥有哪些日志。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我如何找出提交如何进入Git分支? - How can I find out how a commit landed in a Git branch? 虽然我正在提交 git commit -m “first commit” 它说告诉我你是谁,我该如何处理 - while iam commiting git commit -m “first commit” it says tell me who you are how can i handle this 我如何知道git存储库的深度? - How can I tell the depth of a git repository? 当我使用git命令行工具提交github存储库时如何显示用户名 - How can I show my username when I commit my github repository using git command line tool 如何在GitHub上提交并推送到其他人的存储库? - How can I commit and push to someone else's repository on GitHub? 如何在没有本地git仓库的情况下提交到github仓库? - How to commit to github repository without a local git repository? 我无法将提交推送到github存储库 - I can't push commit to github repository 我如何只保留git仓库的1个提交历史记录? - How can I keep git repository only 1 commit history? 如何将 git 存储库回滚到特定提交? - How can I rollback a git repository to a specific commit? 如何取消提交 git 裸存储库中的最后一次提交? - How can I uncommit the last commit in a git bare repository?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM