[voidlogic]

practical gains? None.

theroetical gains?

* They can try to pick a server near them (I don't think the servers are geo-dist)

* No external DNS lookup (silly, whats a one-time cached 150 ms between friends)

* Immune to DNS outage (lol, if your DNS is working other stuff is prob broke..)

* More resistant to someone pretending to be github (expect that github uses HTTPS..)

So really no point I can think of... but is sure makes you computer brittle to github changing anything!

[moonie1]

One scenario: If you have a build server, say running jenkins, that consumes PRs from your private github repo and automatically runs them, someone from your team has to store an API key on it. Now imagine an attacker has gotten access to the network and is able to perform DNS cache poisoning.

[zapu]

Wouldn't the attacker also have to have github keys, cause it's all HTTPS or SSH?