top | item 39580264

(no title)

It doesn’t seem hard to attribute 1/5 commit in a PR to another person. Then you publish it, no one checks out the individual commits (because that’s how forges are like in my experience), and it gets merged because the 2,000 line diff “LGTM”.

I don’t really have belief in the processes of these corporate environment unless the auditing is given on a silver platter.

Meanwhile on email: people get an email per patch, where the commit message part has to contain a `From:` line in order to override the email-is-author behavior.

PS: There is a utility to giving commit authorship to someone else. Someone sends me the change through a DM. I commit it. Did I author it? No, so I give that to them. Not an exotic use-case at all of this seemingly nefarious feature.

discuss

No comments yet.