Git-blame-someone-else – Blame someone else for your bad code (opens in new tab)

It's a bit worrying that GitHub will happily associate someone's face on a commit that they didn't write: https://github.com/jayphelps/git-blame-someone-else/commit/e...

Perhaps GitHub should only do this for signed commits or commits to the author's own repository or something.

GitHub also allows you to add anyone to a project without their consent (or has this changed?). This reminds me of the Facebook prank where someone added Mark Zuckerberg to a fake(?) pro-paedophile group.

I'm actually surprised that git doesn't sign commits by default. (i.e. I had assumed that it did.)

It already has the keys set up and such.

Nice tutorial, but aren't you aware that "git blame -w" ignores whitespace changes? git blame also always follows renames. git's rename detection isn't foolproof (if I edit and rename A.cpp to A-star.cpp at the same time as adding a new A.cpp file it won't detect it), however there are two more blame options for that: -C to follow lines copied between files, and -M to follow lines moved within a file.

Unfortunately, adding -M and -C will quite badly increases the time to compute the blame. Both take an adjustable parameter (min number of characters to match), but I found I actually had to reduce it to catch all the lines in an example of the A.cpp -> A-star.cpp move I did yesterday.

I found http://1dan.org/git-blameall/ an incredibly useful tool for similar (not identical) purposes.

> It's been my experience, especially in the startup scene where business requirements change often, that `git blame` rarely shows you what you want. Files get renamed, moved, re-indented, etc, frequently.

Blame follows renames in most cases (unless you're doing something like creating a new file with the same name as the renamed one in the same commit), and you can use the -w flag to ignore whitespace changes.

We moved the comments here from a later thread that hijacked "Show HN" (https://news.ycombinator.com/item?id=11053078). We also rolled back the clock on the current thread so it would go to the same position on the front page. It's still not really a fair swap because the other post has most of the points, but people will probably keep upvoting this one.

Um, mostly no. This can be trivially detected only when you are changing things already pushed.

Being a dvcs, you create atleast one commit on your local repo before pushing to a remote. That one (or more) commit can be changed to point at anyone and pushed.

> all following commits are preserved (hash doesn't change), but that's essentially impossible.

Actually, you only need one brute-force (of the commit that you're changing); subsequent commits only refer to the parent hash, and here we're not changing the commit trees either.

SHA1 is already considered broken, so git really should switch to SHA256 soon. This whole "sha1 commit hashes are not for security" argument is mostly naive and bogus.

The only way it would be safe, is if (a) everyone set their GPG to default to SHA256 or above (older versions still default to SHA1) and (b) either (b.1) everyone signed every commit this way, or (b.2) everyone signed their tags this way and just before tagging, reviewed their local commits including commits not authored by them up to the previously trusted tag.

But if git defaulted to SHA256 or SHA512, then we wouldn't have to reason through the complex scenarios involving (b). Making something "too secure" is a good thing if it simplifies your security analysis and allows you to use your head for other productive things.

As stated in the project read me, it's just a joke project.

It does a rebase, so everybody that has a copy and pulls will notice.

Much better. Love the hacker's twist. :)