I am using git bash locally and committing to repos based up on github.com. I can simply run the following command to configure repo specific settings: -
git config user.email "myColleague@work.com"
Hey presto, all futher commits come up with my work colleagues profile picture and even revealed his user name!
I did not change any credential settings so I know that I am using my github.com username and password to connect. But to all intense and purposes, I could write malicious code and he would get the blame.
So my two questions are: -
Why is this possible?
Is there a way of seeing the credentials that were used to push to github.com for each commit?
We do have accounts in the same organisation, but I am using a personal account to do this which has no relation to that organisation.