Don't worry, impersonation is not possible because of commit signing using GPG keys and signing off. GitHub includes a special mechanism called vigilant mode to enable that, but trust me, you don't even need that. The "Trusted" label on each signed commit is the sole authenticity.
Linking to your GitHub profile in the commits and contributors is impersonating, isn't it? There is no verified label in the contributor list.
Hmmm… Yes, no verified label in the contributors' list. But there will definitely be an unverified label in the commits if the person who is being impersonated has turned on vigilant mode. Also, in any legal processing, such commits would be deemed untrusted, because they won't be signed by the private key of the actual person.
That's why I recommend signing all commits.
What's more, it's why you should require contributors to sign any commit that's of actual legal interest, a.k.a. any non-trivial contribution to an open source repository, so you can prove they willingly submitted their code to the repository knowing the license as well as having someone to blame if it turns out they stole the code :D
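
An added example, not part of the thread above: one way to enforce the "sign all commits" advice is to audit a commit range using git's `%G?` signature status and report every commit that claims an author address without a good signature. The accepted-status policy, the function names and the sample log lines are assumptions constructed for illustration.

```python
import subprocess

# Format: commit hash, signature status (%G?), author e-mail, tab-separated.
GIT_FORMAT = "%H%x09%G?%x09%ae"

# Meaning of git's %G? status letters (from the git-log documentation).
STATUS = {
    "G": "good signature",
    "U": "good signature, unknown validity",
    "X": "good signature, expired",
    "Y": "good signature, made by an expired key",
    "R": "good signature, made by a revoked key",
    "B": "bad signature",
    "E": "signature cannot be checked (e.g. missing key)",
    "N": "no signature",
}
ACCEPTED = {"G"}  # assumption: policy accepts only fully valid signatures


def audit(log_text, accepted=ACCEPTED):
    """Return (hash, author_email, reason) for every commit failing the policy."""
    failures = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        commit, status, email = line.split("\t")
        if status not in accepted:
            reason = STATUS.get(status, "unknown status " + status)
            failures.append((commit, email, reason))
    return failures


def git_log(rev_range):
    """Read the signature status of each commit in rev_range from the local repo."""
    return subprocess.run(
        ["git", "log", "--format=" + GIT_FORMAT, rev_range],
        check=True, capture_output=True, text=True,
    ).stdout


# Constructed sample output (hashes and addresses are made up).
SAMPLE = (
    "1111111\tG\talice@example.com\n"
    "2222222\tN\talice@example.com\n"
    "3333333\tE\tbob@example.com\n"
)

if __name__ == "__main__":
    for commit, email, reason in audit(SAMPLE):
        print(f"{commit} claims {email}: {reason}")
```

In a real repository, pass `git_log("origin/main..HEAD")` (or any other range) to `audit` and fail the CI job when the returned list is non-empty.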