Does Git publicly expose my e-mail address?
Git uses your email address to identify you, as well as do other tasks (such as sign a tag with a GPG key). Your email address does get embedded as part of your identity in commit logs, etc., along with the name you specify. For example, the "author" field in a commit log would show up as:
Author: Joe White <[email protected]>
So the information is available to anyone with a copy of the repo, since it acts as an identifier.
Your email probably won't be visible to spambots, though, unless you use Gitweb, or a service like GitHub, to make your repo available through a web interface (merely putting it on the Internet doesn't do this).
I suppose you could fill in a fake email address or use an empty string or space or something (I don't think Git checks the format or validity of the email), but the email is useful if someone who clones the repo needs to send you a patch or contact you in some way.
Update April 2017
See "Private emails, now more private"
GitHub has supported using an alternate "noreply" email address to author web-based commits for a while now. Starting today, there's another way to ensure you don't inadvertently publish your email address when pushing commits to GitHub via the command line.
Git uses your email address to associate your name to any commits you author. Once you push your commits to a public repository on GitHub, the authorship metadata is published as well.
If you'd like to ensure you don't accidentally publish your email address, simply check the "Keep my email address private" and "Block command line pushes that expose my email" options in your email settings.
Note: as commented below by orev, Git doesn't expose anything. GitHub, a Git repositories hosting service, might.
The place where you are pushing your local Git repo can expose metadata.
Note: Starting August, 9th 2013, you now can keep your email address private!
That is for web-based GitHub operations though: the commits still contain an email address, which could or could not be the same than the one used for your GitHub account.
See below to "mask" that (git commit) email too.
Until today, all web-based GitHub Flow used your primary email address. This includes creating, editing, and deleting files, as well as merging pull requests.
But now you can keep your email address private. To do so, visit your email settings page:
With this turned on, web-based operations will use a [email protected] email address.
If you want to hide your email made from your computer, GitHub now allows you to register different email addresses: see this guide.
You still need to configure your (fake) email in your local repo before pushing back to GitHub, if you want your commits to reflect
git config --global user.email "[email protected]" # Set email to slightly changed value
git config --global user.email # Verify the setting
# [email protected]
Then:
- Go to the Emails setting menu
- Click "Add another email address"
- Enter the fake email (e.g. "
[email protected]
") and click "Add"
Note that:
This setting only affects future commits.
If you want to erase your real email address from your repository's commit history, you will have to rewrite your old commits. The easiest way to do this is to:Use
git filter-branch
to rewrite the repository history and Force-push the new history up.
GitHub has a help article called Keeping your email address private, which begins:
Git requires you to identify yourself in order to make commits, but you can hide your contact information by using a fake address. Git itself doesn't care if the email is valid.
Good to know: Although Git does not care, some projects might not accept contributions from you if your commits do not have a valid email address, so you will want to research your project's contribution policies before following these instructions.
GitHub does not get many reports of spam being sent to Git commit email addresses, but if you are worried about it, this guide should help you address those concerns.
The guide contains steps how to configure both Git and GitHub to use a fake address.