Comment by david_allison

3 days ago

They already do[0]

    62114487+david-allison@users.noreply.github.com

this includes a unique ID which survives account renames, and the name of the GitHub account at the time.

[0] https://docs.github.com/en/account-and-profile/reference/ema...

3 comments

david_allison

Reply
blobbers  3 days ago

How does the spammer get through this then?

  • david_allison  3 days ago

    If used/implemented correctly, they don't.

    * This is an optional feature via git config, with a further GitHub setting to reject commits pushed using your personal email address.

    * If the GitHub setting is disabled, some GitHub-generated commits/fixups use your personal email (e.g. squash merge in the GitHub UI).

    * I use my personal email in file-level copyright headers, even if the commits use the GitHub noreply email.

    * I have my personal email on my GitHub profile, visible to logged in users.

  • bstsb  3 days ago

    they don't. it's an optional process, and many users don't change their git config to use the provided email