What is the recommended solution for preventing author spoofing? Our security team is nervous that anyone could make a commit, but use someone else's name/e-mail address.