Issue #8652 open

Prevent false committer attribution (impersonation) (BB-9788)

Erik van Zijst
staff created an issue

Bitbucket's UI automatically links commits to the Bitbucket account whose email address matches that of the committer string. However, this allows for users to accidentally or deliberately use another person's address in a commit and have that commit be attributed to this person on the site.

To guard against this, add a button to the account settings to disable this functionality and instead perform automatic commit attribution only for repos that are owned by the account.

Note that this does not prevent users from using incorrect committer addresses, and this name and address will still show up in the UI, but it will prevent the name from linking to the account and from rendering the user's avatar.

Comments (9)

  1. selenamarie

    +1

    I would refine the title of the bug to be about preventing linked attribution, rather than preventing impersonation.

    It's worth discussing the features required to prevent committer impersonation, but I think that's probably out of the scope of this particular issue.

  2. Erik van Zijst staff reporter

    I would refine the title of the bug to be about preventing linked attribution, rather than preventing impersonation.

    Agree. I've kept the word impersonation in brackets for searching.

  3. selenamarie

    I've given this a bit more thought, and wonder if it would be possible to present a user with a list of repos that their identity shows up in, and allow them to selectively disable commit attribution per repo.

    The reason why I think selectivity is important is that the feature can easily be gamed to force a whole group of marginalized people into being unlinked.

    Allowing the user to select which repos are allowed to link to them helps the user still remain visible without being punished for maybe a single repo that is targeting them for fraud/abuse.

  4. selenamarie

    This is a very different issue from signed commit support.

    Signed commits are still not an industry standard. Most people do not sign their commits.
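The linking decision described in the issue description (link only in repos the account owns) and the per-repository allow-list suggested in comment 3, as an added example in Python that is not Bitbucket's own code. It assumes a simplified model in which a repository is identified as "owner/slug", an account "owns" a repo when the owner segment equals its username, and an account's claimed e-mail addresses are assumed to have been verified by the site; all names, classes and sample data below are constructed for the example.

```python
"""Commit attribution gated by a per-account linking policy.

Added example, not Bitbucket code. The author name and address from the commit
are always displayed verbatim (the issue text does not try to hide them); what
is gated is the link to an account and the avatar that comes with it.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, Optional


class LinkPolicy(Enum):
    ALL_REPOS = "all"          # current behaviour: link wherever the e-mail matches
    OWNED_ONLY = "owned"       # setting proposed in the issue description
    ALLOW_LIST = "allowlist"   # per-repo opt-in, as suggested in comment 3


@dataclass(frozen=True)
class Account:
    username: str
    emails: frozenset                          # assumed verified by the site
    policy: LinkPolicy = LinkPolicy.ALL_REPOS
    allowed_repos: frozenset = frozenset()     # "owner/slug" entries, ALLOW_LIST only


@dataclass(frozen=True)
class Commit:
    repo: str            # "owner/slug" of the repository the commit is shown in
    author_name: str     # copied from the commit object, never authenticated
    author_email: str    # likewise: anyone can put any address here


@dataclass(frozen=True)
class Attribution:
    display_name: str
    display_email: str
    linked_account: Optional[str]   # None: raw string only, no link, no avatar


def normalize_email(addr: str) -> str:
    """Case-fold and trim so 'Alice@Example.COM ' matches 'alice@example.com'."""
    return addr.strip().lower()


def repo_owner(repo: str) -> str:
    """Owner segment of an 'owner/slug' identifier (hypothetical naming scheme)."""
    owner, _, slug = repo.partition("/")
    if not owner or not slug:
        raise ValueError(f"repo must be 'owner/slug', got {repo!r}")
    return owner


def find_account(accounts: Iterable[Account], email: str) -> Optional[Account]:
    """Account that has claimed this address, or None if none or ambiguous."""
    wanted = normalize_email(email)
    if not wanted:
        return None
    matches = [a for a in accounts
               if wanted in {normalize_email(e) for e in a.emails}]
    # An address claimed by two accounts cannot be linked without guessing,
    # so link neither (assumes the site normally enforces uniqueness).
    return matches[0] if len(matches) == 1 else None


def may_link(account: Account, repo: str) -> bool:
    """Does this account's policy permit linking it from this repository?"""
    owned = repo_owner(repo) == account.username
    if account.policy is LinkPolicy.ALL_REPOS:
        return True
    if account.policy is LinkPolicy.OWNED_ONLY:
        return owned
    if account.policy is LinkPolicy.ALLOW_LIST:
        # Owned repos are always safe to link; any other repo needs explicit opt-in.
        return owned or repo in account.allowed_repos
    return False


def attribute(commit: Commit, accounts: Iterable[Account]) -> Attribution:
    """Resolve what the commit page shows: name and address always, link only if allowed."""
    account = find_account(accounts, commit.author_email)
    linked = account.username if account and may_link(account, commit.repo) else None
    return Attribution(commit.author_name, commit.author_email, linked)


if __name__ == "__main__":
    # Constructed sample data: "alice" opted in to owned-only linking.
    alice = Account("alice", frozenset({"alice@example.com"}), LinkPolicy.OWNED_ONLY)
    forged = Commit("mallory/scam", "Alice", "Alice@Example.com")   # address forged by mallory
    genuine = Commit("alice/project", "Alice", "alice@example.com")
    for c in (forged, genuine):
        print(c.repo, "->", attribute(c, [alice]))
```

With `OWNED_ONLY` the forged commit in `mallory/scam` still shows "Alice <Alice@Example.com>" but carries no link or avatar, while the same address in `alice/project` links normally; `ALLOW_LIST` extends this to repos the user has explicitly chosen, so one abusive repo does not force the user to go unlinked everywhere.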
