Hello, people!
I am Elias, an FOSS user&activist who turned into a privacy consultant.
So far I've just following this discussion silently as I simply have been too busy. I wish to point out something that I think is of importance in this discussion.
When using Git in an FLOSS project (FLOSS here in wide sense - using any copyleft license), an important part of using Git is the act of accepting the license and thus giving certain IPR that usually belong to the author, to the project. This act of giving the IPR away must be documented as this kind of usage is an exception to legislation everywhere that I know of.
Personal information like name and email address are needed for identifying the person who is contributing the IPR. This is a legitimate interest mentioned recital 47 of GDPR.
From this point of view IMHO one could argue that as the information has
been accurate at the time of the act of committing (and simultaneously accepting the conditions mentioned in the copyleft license used), keeping the information intact is also possible.