Comment by euph0ria

What is the process to trust the usage of this?

How can we learn the identity of the contributors? How are the contributors vetted? How are we notified if a significant change in leadership happens?

It's just a general problem when relying on GitHub accounts for important code.

For some reason I trust the big vendors to have better safe-guards against things like the questions above. Such as aws linux containers etc..

Would love to hear how other people think around this.