On September 12, 2025 12:52 PM, usharerose wrote: >On Fri, Sep 12, 2025 at 11:00 PM <rsbecker@xxxxxxxxxxxxx> wrote: >> Some customers integrate single sign-on (SSO) via the user.email >> value. In the case of one customer I helped, the value is an SSO token >> used by GitHub for their integration. The token value does not conform to any >valid email address format. >> Adding an email validation will lock them out of using git. > >Thanks for your reply, Randall. > >I've fully understood the scenario you described. My follow-up question is: was this >use case something that was discovered and utilized later because people found >that Git doesn't validate the email format, or was it a scenario that the architects >anticipated early on in the project's history, leading to the deliberate decision to skip >the validation for flexibility? > >In other words, is this more of a case of "exploiting a perceived backdoor that later >became justified" or "a thoughtfully made design decision from the beginning"? > >Thanks again for sharing your insight. I cannot answer decisively. The functionality was first used in this customer about four years ago. I do not think any changes were required in git to accomplish this. It is possible GitHub had to have an enhancement but only they can answer that.
