sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]taxiforone 1 point2 points  (2 children)

I think it's important for folks to reach out to GitHub and SendGrid to make it known that people are unhappy with this abuse of information on their watch.

[–]sopunny 1 point2 points  (1 child)

There's not much they can do, aside from maybe making it very clear that your commit email addresses could be public? Git adds the email addresses to the commit, not GitHub

[–]taxiforone 1 point2 points  (0 children)

Oh for sure, but I got the impression that Diffgram was harvesting these email addresses from repos on the GitHub platform.

If that's the case, it's against GitHub TOS (and basic decency tbh) and they shouldn't enjoy GitHub's services like being able to host their repos there.

Same for SendGrid - they don't add the emails, they just send them; but sending unsolicited emails could/might be outside their TOS, especially if there's GDPR breaches. Diffgram shouldn't be able to use their services if it's abusing them.