How to force people to contribute to your git project

You have a great idea, and you want some credibility, but no one knows you. How do you get credibility, so people take your project seriously? If only you could get someone with credibility to approve your project… or just make it appear like so.

WARNING: I am not responsible for what you do with this.

Github.com is an incredible place for open source projects and communities to collaborate. They take a good stance with security by enabling 2FA options amongst many other restrictions within organizations to prevent an angry employee from destroying the companies work. They focus on protecting the repo, but if you have access to the repo, you can do some interesting things.

Identity on github is tied to one of two things: A username/password combo, or an ssh key. If you have an ssh key, you don’t actually need to validate the username, it grabs the username the ssh key is associated with.

So what happens when an ssh key has no identity associated with it? Well there is a config file in the .git folder, maybe it will look there? So if only you could allow write access to your repo by an ssh key that has no account…

Look at this fancy feature.

Oh. Deploy keys. Yea that’ll work!

What are deploy keys? To put it simply, if you want to have a remote sever able to pull a private repo, you can add it’s ssh key to this part of a repo so it has pull access. Wait… you can give it write access too?

Yes, I use Grammarly. (Confused? You probably don’t use Grammarly)

So I can now write to a repo with a key with no username. Let’s clone and set up some local git config settings (you need git 2.10.0 or above)

git clone git@github.com:Emyrk/IdentityTheft.git
# Set to look at the new sshkey
git config --local core.sshCommand "ssh -i ~/.ssh/fake_rsa -F /dev/null"
# Fake name and email
git config --local user.name DefNotSteven
git config --local user.email NotSteven@gmail.com

Now let’s make a commit and push it. Who will the author of the commit be?

Well, it was definitely not Steven obviously.

Github takes the username from your local config. You could just put famous names in there, but you cannot click on the profile, and there is no profile picture. So it still looks shady. Let’s take this up a Notch. That’s no typo, proper nouns are capitalized. I’m going to bring Notch from Minecraft into this repo.

Here is Notch’s github account. As you can see, his username is xNotch, so let’s set our username to that and see what happens.

Nobody will buy this. We need to go further

Hmmm, well that isn’t cutting it. Nobody will buy it for a second. We also have an email field, but we don’t know what email Notch is using. How do we find out? Well let’s try google. I made a simple google search and his email is *********@mojang.com (I am not putting his email here). What are the odds he uses that email for github?

git config --local user.email *********@mojang.com

What more proof do you need?

Well I’ll be damned. It worked. Actually I knew it would work from the start, but I’m sure you are surprised.

So there you have it. Adding anyone you want to your repo, you just need their email address. Once again I’ll add, I do not claim responsibility to anything you do with this. I won’t even give recommendations of what you could do with this like forging code reviews from your coworkers to get your pull requests in faster.

I hope you enjoyed the read, and if you are famous, you might want to make a new email address for your github that no one knows about.

Links

• Github Repo - https://github.com/Emyrk/ForEducationalPurposes