
It verifies the signature but I was able to just add a public key that I found online to my account.


Will GitHub verify a commit associated with a GH account via an unverified e-mail address?

If so then it's probably fine since you would have to demonstrate ownership of an e-mail address that was contained in the signed payload, or you would have to be able to sign payloads yourself (i.e. you have the private key).



