> I assume the most form of verification is checking the github account/reputation.
Did you mean to write "the most [used] form"? If so, it's unreliable. If you change your Git settings to use Torvals' email address, on GitHub it will show up as if your commits were made by his account[1].
I know that, but I postulate that people look at the author of the PR in githubs UI, not individual commits. Even if they did, the verified badge only points to a github profile anyway. So.. an attacker would much rather want to impersonate a github profile than a commit. I guess.
Did you mean to write "the most [used] form"? If so, it's unreliable. If you change your Git settings to use Torvals' email address, on GitHub it will show up as if your commits were made by his account[1].
[1]: <https://dev.to/martiliones/how-i-got-linus-torvalds-in-my-co...>