"Look, I can create a commit with someone else's e-mail address, and GitHub will think it was actually theirs!"
Of course, the question is: is there any way to prevent this in a simple way? Given anyone can push the final commit, you would need some sort of commit signing, but that sounds more pain than it's really worth.