Github has some very dangerous features when it comes to tagging and mentions. For example, when you add someone to an organisation, it autocompletes the username. We had someone with a fairly common name and accidentally added someone else to the org with a close but not identical name. Fortunately they didn't accept the invitation before we removed them again and added the correct person.
Right? This bugs me like hell. They make you jump through all kinds of hoops to attestate your source code and use layers upon layers of encryption, but make it the simplest thing to grant someone completely unrelated write access to all of your company’s code. Like what??
you need one of those new fancy GitHub EMU enterprises instead of a normal one. it is driven solely by an identity provider like Okta or AzureAD.
no one outside of your identity provider will ever know about you. your users have a read-only view of the greater github.com, but whatever access you give them within your enterprise.
it's impossible to make anything public in a GitHub EMU enterprise, and your users won't even be able to star repos outside of the enterprise, because that would reveal your presence.
if you can live without any public access to your stuff at all, have a look. you can convert your old enterprise org(s) to a Teams subscription and continue to publish open stuff there, but you'll need personal accounts there, like always.
I had that happen to me before. I accepted the invitation, looked at their stuff, and then submitted an issue/PR to remove myself. They panicked, I laughed a bit.
Yep, I got added to someones internal company trello board oncr. I commented a few times asking to be removed, and when it didn't happen, I started adding suggestions to their product designs. I got removed fairly quickly.
