|
|
|
|
|
|
by klabb3
1571 days ago
|
|
|
Yes, but it isn't limited to non-verified emails, you can do it with verified emails as well. I assume it's already used to obscure deliberate security compromises in forks etc. There are many practical impersonation vectors. I assume Github is gonna have to require signed commits for profile links in the medium term future. |
|
|