mailing list mirror (one of many)
 help / color / mirror / code / Atom feed
From: "Florine W. Dekker" <>
To: "René Scharfe" <>,
Cc: "brian m . carlson" <>
Subject: Re: Wildcards in mailmap to hide transgender people's deadnames
Date: Wed, 14 Sep 2022 11:07:34 +0200	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On 14/09/2022 09:40, René Scharfe wrote:
> Am 13.09.22 um 23:53 schrieb Florine W. Dekker:
>> Now, John can now add the following line to their mailmap config:
>> `John Doe <> <\*>`, which does
>> not reveal their old name.
> That would falsely attribute the work of possible future developers
> and to John as well.

Good point. I assumed such false positives would be unlikely because I 
was considering very-small-scale projects, but I agree that using 
wildcards is not at all feasible for larger projects.

> Supporting hashed entries would allow for a more targeted obfuscation.
> That was discussed a while ago:

That was an interesting read. I agree with Ævar in that thread in that I 
think URL encoding is sufficient. I think it meets Brian's use case of 
never having to see the old name again, and my use case of obfuscating 
it from accidental discovery by friendly collaborators. While a hash 
certainly gives a stronger sense of security, I think it's a false sense 
of security, because, as you note below, recovering old email addresses 
from the tree is not much more trivial than reversing the encoding. And 
either way, a sha256 hash can easily be inverted in a few days(?) using 
a dictionary attack with email addresses from data breaches. As someone 
who has changed her name, I would be content with using a simple URL 

>> Someone could always spend more effort to uncover the name using more
>> advanced tools, but the point of this feature is to prevent
>> accidental discovery of the name in cases where completely hiding the
>> name is not feasible.
> Extracting old email addresses from a repository is easy by comparing
> authors' email addresses without and with mailmap applied, no advanced
> tools required.  Here's mine from Git's own repo:
>     $ git log --format='%ae %aE' |
>       awk '$1 != $2 && !a[$0] {a[$0] = 1; print}' |
>       grep -F
> The same can be done with names (%an/%aN).

You're absolutely right. With "advanced tools" I was referring to 
anything more advanced than a plain `git log` ;-)

- Florine

  reply	other threads:[~2022-09-14  9:19 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-13 21:53 Wildcards in mailmap to hide transgender people's deadnames Florine W. Dekker
2022-09-14  7:40 ` René Scharfe
2022-09-14  9:07   ` Florine W. Dekker [this message]
2022-09-19 11:20     ` Ævar Arnfjörð Bjarmason
2022-09-19 12:27       ` rsbecker
2022-09-19 15:19       ` brian m. carlson
2022-09-19 16:31         ` Junio C Hamano
2022-09-19 17:26           ` brian m. carlson
2022-09-20 10:23         ` Ævar Arnfjörð Bjarmason
2022-09-20 14:58           ` Florine W. Dekker
2022-09-21 16:42           ` Junio C Hamano
2022-09-26  9:14             ` Ævar Arnfjörð Bjarmason
     [not found]   ` <>
2022-09-16 16:59     ` Florine W. Dekker
2022-09-20  0:32       ` brian m. carlson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

  List information:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).