Original request description
When performing a push, the author that is displayed by Stash is just taken from the author in the local git configuration, so essentially another developer can commit code against another developer's name and push it to the server to make it appear like that developer committed the code change.
In other words, when performing a push, stash doesn't ensure that the user performing the push is the same user as the GIT comitter. This allowed an authenticated user to push updates that appear to come from a different user by configuring their local GIT client with a different username/email address. I can see we may be able to work around this by implementing a GIT hookthat checks the REMOTE_USER variable exposed by Stash.
Are there plans to implement this functionality directly into the product to improve security?
We need to have complete traceability on the push to the shared repository, is there a way of achieving this with Stash