Why use a real email address in Git?

I am fairly new to git (only used it for the last 2 months in my contributions to KiCad). When I first set up my Gitlab account and my local .gitconfig, I just followed the advice I read on the internet and decided to use my username (Qbort) as the Author name and the “private email” that Gitlab auto-generates (e.g. something like 124567-Qbort@users.noreply.gitlab.com) as the author email.

However, I recently started browsing the KiCad commit history and noticed most developers use their real names and email addresses. After seeing this, I’ve changed my settings so that when I make a commit it uses my real name as the author of the commit (I do like the idea of being credited for a contribution).

However, I’m still unsure about using my real email address. I’ve been reading about this and the conclusion I have reached is that putting a real email address as the commit email might not be a good idea. Spam bots can get hold of your email address by just parsing the Gitlab website (see https://gitlab.com/kicad/code/kicad/-/graphs/master ), since Gitlab doesn’t make any attempt to obfuscate the commit email - it just shows it in plain text.

In contrast, the developer mailing list (https://lists.launchpad.net/kicad-developers/) does a really good job of hiding the email addresses of individuals by replacing most of the address with “xxxxxxxx”.

So my question is: what are the reasons someone might decide to use their real email address as the commit/author email in git? Are there any benefits to doing so?

Thanks.

A repository isn’t bound to the provider it’s currently (primarily) hosted on. Why associate a commit with a basically random service?

Also, the actual repository along with all email addresses is public, so obfuscating them in the web UI helps against really crappy spam bots at best.

1 Like

@chschlue Ok I see your point regarding using Gitlab’s private email as the commit email which might change when the repository changes hosting provider. However, if the repository is moved to GitHub, they also provide an equivalent private email address (e.g. 123456+[USERNAME]@users.noreply.github.com) that you can use for this purpose?

I still don’t see why you’d make your primary email address fully public, easily accessible to spam bots?

I’m just trying to understand since I’m quite new at this. I’m probably missing the point, so apologies if it seems like a stupid question.

Obfuscating doesn’t really prevent spam bots from finding your email address. There’s so many ways for your email to be leaked out that it should never be assumed that keeping it “secret” helps. Hell, even mobile apps have a good chance of using an SDK that’ll intercept your email and pass it into the ~data mining~ pool and eventually end up in the hands of spam bots. The best thing you can do is use an email provider with effective anti-spam measures like gmail.

But if you do believe it’s what you want to do, then yes, just use a false email. In workflows like gitlab/github, it means nothing other than crediting your identity (since emails are unique, names are not). The email address field is most important for email based workflows like the linux kernel.
You can also just create a pseudonym email account at gmail for use with git. And gitlab/github will let you add “alias” addresses in their settings to associate them with your main account.

I will say, if you are very much in the software engineering world, commits attributed to your emails of the right kind can attract recruiters to email you.

2 Likes

@marekr Thanks for the detailed explanation.

I’m just about to make a large contribution to KiCad (https://gitlab.com/kicad/code/kicad/-/merge_requests/279) and have been considering whether I should edit the commits in the MR such that the commit author is my real name and (maybe also) real email address.

Based on your comments it seems that there may actually be quite a few advantages to using a real email address: uniqueness of attribution (email is unique but name is not) + possible job opportunities (I won’t hold my breath on that one though!).

Do you then just use your real (primary) address or do you have different email addresses set up for different things?

I’m curious if anyone else has thoughts on this and how they handle it?

You could just create an email address only for git usage.

@pointhi is that what you’ve done?

I use one email for everything. I don’t fear spam because Gmail handles it just fine.

  • possible job opportunities (I won’t hold my breath on that one though!).

Yea, it’s minor in benefits and hard to quantify, but hey, I see any boost is better than nothing if desperate lol

The main reason I use a real address is to have uniformity across all the accounts/services I interact with. I use the same email for my GitLab and GitHub contributions, my Fedora Project account, and also for accounts on external bug tracking sites (such as for GCC, LLVM, wxWidgets, etc.). That is nicer for me because I only need one git configuration for user/email, and also I think it is nicer to tie together all the contributions. I try to actually use the same username across all services as well (except for my GitHub one, that one was an old email I had from university, and I regret not using the standard one I prefer now).

Another reason for using a real email would be if someone in the future wanted to contact you directly about a commit. While the services such as GitLab and GitHub allow for leaving comments on commits and mentioning people to ping them, it is nice to have a way that isn’t tied to the service.

I’m not concerned about spam on it, since the spam filters in GMail seem to do a decent enough job (I seem to only have one persistent spam email that it receives and actually have more problems with the filters marking GitLab things as spam when they aren’t).

The way I sorta handle it is to have multiple real E-mail addresses.
One E-mail address is exclusively for friends and family, and another is for more “publicly visible” purposes.

If that publicly visible E-mail address starts getting too much spam, it gets dropped and I make a new one.

For stuff like webshops, netflix and other potentially spam generators I use separate e-mail addresses. Deleting an e-mail account is a lot more effective than clicking on “unsubscribe” buttons as you keep your strings in your own basket.

I’m not sure but it seems like e-mail spam is a lot less prevalent than it was, say 20 years ago, or maybe I’m just lucky (concerning this small topic at least).

I have been wondering many times why easy access to e-mail addresses of a million or so software developers has not been abused by spammers (that I know of).

I use my real gmail address for everything but there is a great trick to make dealing with spam very easy.
When I subscribe to a service I put <mymail>+<servicename>@gmail.com as the address. Anything sent to such an address gets into your inbox, but not only is it super easy to filter it out by the “to:” field but you also know which sumbitch of a service sold you out when you suddenly start getting a bunch of spam.

To get back on topic:
Gitlab doesn’t protect your email because there is no point. Git stores commit author and email in open text anyway, anybody can do a checkout and get all emails. Trying to protect your email is not productive, it’s going to get spammed eventually.

I also use real email in git to get some credibility for my open source contributions and tie them to a single persona across all services.
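
What “Git stores commit author and email in open text” looks like in practice, as an added example (not code from any poster in this thread): a parser for the raw commit text that `git cat-file -p <commit>` prints, run on a constructed commit. It shows that the committer header and `-by:` trailers carry addresses as well, so switching only the author email to a noreply alias does not keep a real address out of the history. The sample commit, its names and its addresses are made up.

```python
import re

# Constructed sample of the text `git cat-file -p <commit>` prints.
# Hashes, names and addresses are placeholders made up for illustration.
SAMPLE_COMMIT = """\
tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904
parent 1111111111111111111111111111111111111111
author Qbort <124567-Qbort@users.noreply.gitlab.com> 1593600000 +0100
committer Real Name <real.name@example.org> 1593603600 +0100

Add importer

Signed-off-by: Real Name <real.name@example.org>
Co-authored-by: Helper <helper@example.net>
"""

# Header lines: "<field> <name> <email> <unix time> <utc offset>"
IDENT = re.compile(r"^(author|committer) (.*) <([^<>]*)> (\d+) ([+-]\d{4})$")
# Message trailers such as Signed-off-by / Co-authored-by / Reviewed-by
TRAILER = re.compile(r"^([A-Za-z-]+-by): .*<([^<>\s]+)>\s*$")
# The hosted "private email" aliases mentioned in the thread
NOREPLY = re.compile(r"@users\.noreply\.(gitlab|github)\.com$", re.I)


def identities(raw):
    """Return [(field, email)] for every address stored in the commit text."""
    head, _, message = raw.partition("\n\n")  # blank line ends the headers
    found = []
    for line in head.split("\n"):
        m = IDENT.match(line)  # continuation lines (e.g. gpgsig) do not match
        if m:
            found.append((m.group(1), m.group(3)))
    for line in message.split("\n"):
        m = TRAILER.match(line)
        if m:
            found.append((m.group(1).lower(), m.group(2)))
    return found


def exposed(raw):
    """Addresses in the commit that are not a GitLab/GitHub noreply alias."""
    return sorted({e for _, e in identities(raw) if not NOREPLY.search(e)})


if __name__ == "__main__":
    for field, email in identities(SAMPLE_COMMIT):
        print(f"{field:16} {email}")
    print("not noreply:", exposed(SAMPLE_COMMIT))
```
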

I experience the same… I’m exposing my email everywhere and I don’t receive too much spam. More than 99% is detected and marked automatically.

1 Like

Thank you all for your comments! It is great to see other perspectives on the topic.

Yes, this is the main reason I started this topic - I didn’t want to regret the decision in the future, especially after committing a sizable contribution such as the CADSTAR importer.

This is an interesting idea, but I think it does make the address itself a bit long if the aim of providing a Git email is for others to identify me (also I note that in your Git commits you have used your email address as-is).

Based on everyone’s input I think I might go ahead and change my Git configuration to use a real email address for my commits. I’ll need to think about whether I create a new address just for Git (with disadvantage of yet another inbox to have to look at) or just use my primary email address for this purpose (with the potential risk of spam).

In the meantime, if anyone else has any additional perspective - I’d love to hear!

???
A decent e-mail program only has to be configured once for each e-mail address, and then at set intervals checks them all. So it’s either weird, or I interpret this incorrectly.

Yes, fair enough - I think what I was getting at is maybe the idea of “multiple identities”: A primary email address that identifies “you” when you apply to jobs or that you give family/friends/ex colleagues so they can contact you and then a separate one for Git commits where you could possibly get someone contacting you specifically for a genuine purpose (either question about a commit or something similar). You might then contact that person with your primary email address as well/instead of your “git commit” address, and then it might get confusing - “who” are you?

Not sure if I made any sense above. I don’t think there is a right or wrong answer here but I’m inclining towards following what most people in this thread have done and just use my primary address to keep things clean identity-wise and let Gmail deal with the spam (which was really my only concern with providing my email address publicly).

Spam is no longer the scourge it once was due to providers like Gmail being very good at filtering them out. Using your real email address just makes it simpler for workflow. Like many people I use different email addresses for different types of email, so I get Git* email at a different mailbox from personal or shopping email.

It is even worse if you are out there combating it. It takes more resources all the time.

Yes, the ecosystem has evolved and expanded. The non-dodgy merchants have moved to Amazon or eBay who pester far more professionally. Advertising is through Google ads; the other day I got a PCB fab ad in my grocery and whitegoods bargains site feed, so Google must have been collecting my browsing activity. Conspiracy theorists use Facebook. Bots infest websites directly. Romance and Nigerian scams are about the only ones left using email.