Suppose a company has a large private GitHub repository. There are 200 GitHub accounts allowed to commit there. If it is discovered that the Git history of that private repo contains commits with suspicious code, obviously they were made by someone from the 200 allowed GitHub accounts. What if the rogue commiter specified an e-mail not known to the company (for example "user@example.com") in the commit metadata. From the GitHub UI, it is not possible to click on the user for that specific commit (from the list of all commits in a repo). Because the e-mail "user@example.com" is not tied to any GitHub user account.<p>How is it possible to discover original GitHub user of a rogue commit in a repository?
Does GitHub keep somewhere "pusher" information for each commit?