This is because the user has a different email configured for merges on GitHub than the one they used for commits in the PR. See the devguide for more information on the topic.
Best way to go forward is to ping the user and ask them to sign it (I went ahead and did this for you). If the backport is important and they don’t respond, then I suggest force-pushing commits with the previous email they used (and signed the CLA for) to the backports.
No reply to your comment and the user’s GH profile is pretty bare. How can I see what email addresses are involved? Which one they signed with and which one they didn’t not? I’d like to try and contact them direct.
If not, not sure how to force-pushing commits with the previous email they used, but I guess an LLM can help?
There’s no need for guess-work, because you’re in luck, I just so happen to be a wizard. I checked my magic ball and the email they used previously is: [see link below]
To get the email you simply have to check the commit author for their commits in the PR, you can either do this manually by pulling them and getting the commit details, or by opening GitHub’s “patch” view by appending .patch to the PR URL: https://github.com/python/cpython/pull/150176.patch
Yes, sorry, I could have just provided the link to slow down crawlers (which also isn’t ideal, however, as I presume they’re crawling GitHub too ).
Unfortunately once you push to GitHub your email will be there publicly for eternity. For anyone interested in preventing that, GitHub provides a setting that blocks pushes that would expose your email, see the documentation for more information.
Maybe it is a feature that GitHub made email address hard to locate that Chris couldn’t find it easily. Sharing other people’s personal email address without thought or concern about it is a different matter.
GitHub is also a public forum. If email address privacy is a concern, then one should either not contribute to Open Source, or one should use pseudonyms and/or separate email accounts.
They made them quite easy to locate - all you have to do is view the patch, fetch the branch, or in any other way directly look at the commit. Git commits are always credited to a name and an email address, by design, and those names and addresses are public whenever the commit is.
I believe that’s the default, but there’s an email setting on your Github profile to enable “email privacy”: When enabled, it appears to hide your email address. For example, this is what I see in commits from @rhettinger:
Author: Raymond Hettinger <rhettinger@users.noreply.github.com>
This comment is concerning to me. Knowing to use pseudonym or other email address/identity, knowing how to adjust GitHub setting to hide email address, are things an experienced contributor already know how to do. A newcomer to open source wouldn’t know any of these. Even experienced contributors made this mistake as well, and only started adjusting their emails settings at a later time.
The way you phrase it, is as if “newcomers should have read the fine print and should have known better that their email could get exposed” does not sound welcoming, and is basically gatekeeping.
Just because the email address exist out there, doesn’t make it our right to simply take it and copy pasting it in other platform. The contributor may not realized their mistake. They associated their email address because they created GitHub account and set up their git info that way. If they want to share their email address on other platform like Discourse, it should be up to them, not by us. “Availability” and “permission” are two different things.
“Easy” is relative. The fact that it wasn’t easy for Chris that he had to ask how to locate it.
There are already bad actors out there scraping email addresses from websites for spam/phishing/or whatever bad purposes. We shouldn’t help make it any easier by freely copy pasting other people’s email address from one forum to another.
When it comes to personal information like email address, let’s try to share it more privately and ask their permission first.
Everyone who uses git to view the history already has access to the email addresses. The only question is how easy it is to get using GitHub’s web UI, and for that, viewing the patch is the easiest.
It is ALWAYS the user’s choice as to which email address is used in git, and Tim says it’s possible to have GitHub change those on arrival for further obscurity. Putting your email address into a git commit is equivalent to using that email address to post to a public mailing list - do people remember what those were? The things we used before services like Discourse seemed to become everyone’s expectation? People’s email addresses were, and in many places still are, the standard way to identify their creations.
Using an email address in a public forum IS granting that permission. Many people create dedicated mailboxes specifically to avoid sharing their main addresses. We don’t need to be paranoid after the event.
Keep in mind that, if something as simple as this can “reveal” an address, anyone scraping addresses already has it. We are not doing anyone any functional service by being coy with something that’s already out there.
I’m kind of surprised that we are talking about personal information being public or not as an absolute binary yes/no. It’s true that the email address is public on GitHub. That doesn’t mean we should splash it around in a different forum with a different audience in a much more visible way.
It’s a form of respect to treat their information with care.
I especially am not sure why we are debating this given that the original mention of the email address has already been edited away in this thread.
Avoid publishing personal information about others, including email addresses. Even if it’s available publicly elsewhere, consider that the person may not want it spread further or associated with other context. It’s their choice when and where they publish their information. Accidents happen, so if you see someone posting someone else’s information, please flag it for mods to redact.
I checked my magic ball and the email they used previously is: [see link below]
).