Privacy Issue - GitLab can act as an email to name and username lookup
Problem to solve
This problem affects cloud-hosted GitLab, not self-hosted (as far as I know). When a commit is displayed in GitLab, a matching user is looked up to find a username and full name to display. Since a commit in a git repo can be made using any email, any email can be checked for (1) if it has an account on GitLab, (2) what the user entered for their first and last name, and (3) what their username on GitLab is.
WHOIS has come under scrutiny for acting as an alias-to-real-person lookup. So this sort of behavior is worth reconsidering here, too. Could GitLab only render the name/username if the user has write access to the repo (in the case of private repos)? Would there be a way to put a similar restriction on public repos, such as sending that user an email requesting permission to render their information, without telling the repo owner whether or not that user exists?
In addition to the issue with displaying a real name (if the user gave one), there is the email-to-username lookup. This would make it easier for a malicious user with partial information from a data leak to discover a likely username for an email address, to be used for login on other services, since people tend to reuse the same usernames.
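
The restriction proposed above for private repos, as an added example that is not part of the original issue and is not GitLab's code: the Ruby below contrasts rendering any matched account with rendering only accounts that have write access to the project. All names (`User`, `USERS`, `WRITERS`, both `render_author_*` functions) and all sample data are hypothetical and constructed for illustration.

```ruby
# Added illustration, not GitLab code. Every name and value here is hypothetical.
User = Struct.new(:email, :username, :name)

# Constructed account table.
USERS = [
  User.new("alice@example.com", "alice", "Alice Example"),
  User.new("bob@example.com",   "bobby", "Bob Example")
].freeze

# Constructed map: project path => usernames with write access.
WRITERS = { "acme/private-repo" => ["alice"] }.freeze

def find_account(commit_email)
  USERS.find { |u| u.email.casecmp?(commit_email) }
end

# Behaviour described in the issue: any commit email that matches an
# account is rendered with that account's full name and username.
def render_author_unrestricted(commit_email, commit_name)
  user = find_account(commit_email)
  return { name: commit_name, username: nil } unless user
  { name: user.name, username: user.username }
end

# Proposed restriction: account details are rendered only when the matched
# account has write access to this project. A matched account without
# access and an email with no account produce the same output (the name
# stored in the commit itself), so the rendered page does not reveal
# whether the email is registered.
def render_author_restricted(project, commit_email, commit_name)
  user = find_account(commit_email)
  writers = WRITERS.fetch(project, [])
  if user && writers.include?(user.username)
    { name: user.name, username: user.username }
  else
    { name: commit_name, username: nil }
  end
end
```

With the restricted form, the repo owner sees only what they typed into the commit unless the matched account is already a collaborator whose identity they know.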