by averysmallbird
1467 days ago
That's not fully GitHub's choice to make. They made a judgement call based on seemingly incomplete evidence, and have different incentives than everyone else. Repository owners may well have a different level of acceptable risk or legal obligations over the integrity of their source code. For example, if I was maintaining security software or a popular package, it would be entirely appropriate to stop everything and look for abuse. Waiting three months makes that harder. I'm not sure that's trust building.