That said, this may also introduce the edge case where, if we rely solely on the email address (a user-controlled field), and someone decides to make a commit in someone elses name, that will get resolved to the other person.
Originally posted by @MoralCode in #3784
This made me thing: we should probably be keeping track of whether commits are GPG signed or not (or even better, if the signatures are valid). that way theres a column that can help researchers know for sure that a commit came from the named person
Originally posted by @MoralCode in #3784
This made me thing: we should probably be keeping track of whether commits are GPG signed or not (or even better, if the signatures are valid). that way theres a column that can help researchers know for sure that a commit came from the named person