Uploaded image for project: 'Bitbucket Cloud'
  1. Bitbucket Cloud
  2. BCLOUD-13552

As a repo admin I want to see which user pushed each commit in my repo - Customer request

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      In Commits page of a repository, the field Author shows the Bitbucket user the following way:
      The commit author's email is checked, to see if it matches a confirmed email of a Bitbucket user. If it does, this user appears as author of the commits.

      Sometimes users have in their .gitconfig file an email different than their Bitbucket account email.
      In this case, no Bitbucket user shows as Author.
      Additionally, users may accidentally use someone else's email in their .gitconfig (e.g. using a different laptop), and the commits they push show an author different than themselves.

      Repo admins/owners would like to be able to see which user pushed a commit in Bitbucket, in order to track a commit to the user that pushed it.

      Suggested Solution

      In Commits page of a repo, add a column that shows which Bitbucket user pushed each commit.

            [BCLOUD-13552] As a repo admin I want to see which user pushed each commit in my repo - Customer request

            Charles G added a comment -

            People could make public repos and impersonate people under the current system.  Seems like a major security flaw to me. 

            For example they could find users emails from newsgroups and create public interest in a project by impersonating someone else's email.  Worse is the user's commits link to that Bitbucket users account, which seems like a major security concern.  

             

            Charles G added a comment - People could make public repos and impersonate people under the current system.  Seems like a major security flaw to me.  For example they could find users emails from newsgroups and create public interest in a project by impersonating someone else's email.  Worse is the user's commits link to that Bitbucket users account, which seems like a major security concern.    

            Hi, are there any plans to get this issue working? It will be really helpful for us.

            Jonathan BRS added a comment - Hi, are there any plans to get this issue working? It will be really helpful for us.

            This really needs to be improved as currently any random user may be associated with a commit within a repository with restricted access in case global user is different from the user who cloned the repo.

            Denis Kravtsov added a comment - This really needs to be improved as currently any random user may be associated with a commit within a repository with restricted access in case global user is different from the user who cloned the repo.

              Unassigned Unassigned
              tboudale Theodora Boudale
              Votes:
              5 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: