Issues

Issue #8302 open

Allow users to use alternative identities for commits made online (BB-9432)

Miroslav Koskar
created an issue

Now when user does online edits / merges, email address used for record such commits is the "primary" one. That address is however used also for account related notifications and mainly for login and password recovery.

Hence, by doing online edits this email address is compromised.

This could be prevented if user had the option to instruct system to use other verified email address, preferably one matching his regular public Git identity.

Comments (5)

  1. Marcus Bertrand staff

    Thanks for the suggested feature. If you are concerned that your public commits expose an email you aren't comfortable sharing, for now, please change your primary email on your account to the one you wish to show up on your commits.

  2. Miroslav Koskar reporter

    It's not about that I'm not comfortable sharing email address, it's already shared in rest of Git history. The thing is that whatever email address I choose as primary it is the very same address I use to login or recover my password. So basically anybody knows half of my credentials without effort. It's a security leak. Of course I posses the email access, but now attacker knows what to target. So what you've suggested is not workaround for this issue.

  3. Log in to comment