Wed, Dec 11
Let’s do it
Tue, Dec 10
If there are no objections I would be happy to accept the diff. @speck are your concerns addressed or should we continue discussion / consider other options?
Yep, manually setting your unverified (and not verifiable) email would still be possible 👍 just two clicks are needed from this kind of pages:
Another edge case: Most of my contributions to Phorge happened as part of my work for Wikimedia. Those commits are under an email address that I no longer have access to, since I am no longer employed at the Wikimedia Foundation.
Mon, Dec 9
Take for example this commit that has a default identity:
"Steal credit" might actually lead to a real issue: If a new user can get themselves identified as an old, trusted, user based on commit history, their changes might not be checked as rigorously by the rest of the team - similar to the XZ Utils backdoor issue, only faster.
Limitation: to steal a commit identity, it must be the default. Sorry I forgot to say.
Sun, Dec 8
Sat, Dec 7
What can a malicious user accomplish by claiming unverified email for commits? The idea outlined here sounds right but I’d like to understand what potential harm could be done on its current state, and also whether there’s any legitimate use case for the current behavior.
Thu, Dec 5
Wed, Dec 4
Mon, Dec 2
Oct 8 2024
Sep 20 2024
Sep 14 2024
Aug 24 2024
Aug 23 2024
Aug 21 2024
I personally prefer option 1, so, removing the duplicate body. So there is more creative space to then add a more useful body in the future.
This is becoming quite frustrating in my workplace in Torino. Let's start immersion mode.
Aug 9 2024
Aug 8 2024
At the moment we have a multi-thread command existence checker, and it early dies if a command is not existing.