(resending previous response. Forgot to turn off HTML, and apprently gmail doesn't wrap lines automatically anymore?) On 31 January 2013 16:52, Scott Yan <scottyan19@xxxxxxxxx> wrote: > > The user info of git client (user name and email) is set by the users > themselves, so , how to avoid userA pretend to be userB? > > Git server could authentication the user, but it do nothing about the > user info of commit message. The simplest thing is to have the server reject commits that have the 'committer' set to someone other then the authenticated user. Of course, there are potential workflows that this would cause problems for, such as if you sync directly to another user's repository and then try and push those to a central server. The most robust system would probably involve using signed tags to verify what is being pushed, however I am not aware of any set-ups that have done this yet. Regards, Andrew Ardill -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html