Validate commit email address against LDAP or GitLab user email addresses
Force commits to only come from validated user accounts
Some customers / prospects have asked about forcing commits to only come from validated email addresses. Users often use multiple Git clients and (whether by accident or by design) sometimes have different email addresses configured in these. These customers would like us to provide a way to enforce the same verified email address for by each user. Such a feature would seem possible, but only for commits directly to GitLab. It also seems as if this gets to one of the fundamental ways that Git operates. To quote GitLab's tag line, "Anyone can contribute!" And indeed they can -- using any email address. But in a corporate environment, while use of any address is possible it is not always desirable.
One can easily see this request as a coming from someone with a fundamental misunderstanding of how Git operates and discard it. This is, though, a serious issue. If there is any way we can address even part of this issue we should endeavour to do so. It would make a good product differentiator for EE Premium. The page at the link below has a great deal of information regarding the nuances and arguments regarding this.
Proposal
Provide a git hook that ensures any commit to GitLab has an email address that is for a valid user (either local user or LDAP) and validate this by verifying that the authentication key presented matches the one used to authenticate.
Links / references
https://news.ycombinator.com/item?id=7792026
/cc: @victorwu