21 May 2013
Remember: Your Git Commit Email is Public
Here’s a fact I don’t think a lot of people know. Or rather they do know, but haven’t thought about:
Your git commit email is public
I spend a lot of my time on GitHub looking for talented developers to work with me at Shopify. In order to get in touch with them, I usually just click the email link on their profile.
When there isn’t an email listed, I simply use GitHub’s public API to get that person’s recent public activity, and search for an ‘@’ symbol. This yields a valid email in 100% of cases.
Here’s my profile page as an example: http://davefp.github.com
Now here’s my recent public activity: https://api.github.com/users/davefp/events/public
If you browse the JSON you’ll actually get two addresses of mine: My personal email (firstname.lastname@example.org) and my work address (email@example.com).
I’m not concerned with who has my email address. I consider it to be public info anyway. But if you don’t want all and sundry reading yours, consider using a fake address in your git identity.
Update: vsbuffalo on Hacker News points out that GitHub has a help page to help you configure your commit email if you so desire: https://help.github.com/articles/keeping-your-email-address-private
Thanks for reading! If you like my writing, you may be interested in my book: Healthy Webhook Consumption with Rails
David at 10:51