Allow using different identity for commits instead of the login email

[janbrasna]

The ability to change the publicly visible email different from the login email (that's often not being able to be selected if that comes from federation/SSO) was added in #2407, however commits continue to be attributed to the login email, thus making it public.

I'd honestly prefer to enter a separate email to be used just for the actual commits, instead of using the account or contact email (i.e. a username@noreply version for GH, not sure how feasible that is with more VCS integrations). if that sounds too specific, I'd be happy to chose at least some more public email for both contact and commit purposes, instead of the (in my case) auth0-linked login email.

Why I'm raising this is that in my case the actual email used for authoring commits is a one that I have verified at GitHub, set as private, and set privacy protections to reject pushes including said email instead of a cloaked alias — so chances are due to that GH may reject any pushes containing that exact author emails (perhaps even failing some pipelines or automation?)

[janbrasna]

Linking previous conversations about this specifically:

• Use contact email for commits if it exists #2740
  (that doesn't mention the SSO identity email would be used instead, tho…)

[mathjazz]

I'd keep it simple and just use the contact email address for commits.

[flodolo]

I'd keep it simple and just use the contact email address for commits.

We don't validate the contact email address (at least from my local test). This doesn't feel like a great idea, since I could then pretend to be someone else in the commit.

More important, the goal of a "contact email address" is to provide an email address that people actively check. We shouldn't expose that in commits.

The clean approach would be a separate field, with validation, and maybe exclude from validation the pattern @users.noreply.github.com. Not sure that helps with commits to other VCS systems.

[mathjazz]

I'd keep it simple and just use the contact email address for commits.

We don't validate the contact email address (at least from my local test). This doesn't feel like a great idea, since I could then pretend to be someone else in the commit.

Correction: We validate contact email addresses. After you make a change, you will see "Check your inbox to verify your email address" under the input field. Only after you click the link sent to you in the email, the address will be verified and used.

The clean approach would be a separate field, with validation, and maybe exclude from validation the pattern @users.noreply.github.com. Not sure that helps with commits to other VCS systems.

I agree this is better.

[flodolo]

After you make a change, you will see "Check your inbox to verify your email address" under the input field.

D'oh, I completely missed that.

Still, we shouldn't use the contact email without a choice for users. If we don't want to go the full length, we should at least have a selector on what to use for commits (user email, contact email).