On Fri, Sep 12, 2025 at 11:00 PM <rsbecker@xxxxxxxxxxxxx> wrote: > Some customers integrate single sign-on (SSO) via the user.email value. In the case > of one customer I helped, the value is an SSO token used by GitHub for their > integration. The token value does not conform to any valid email address format. > Adding an email validation will lock them out of using git. Thanks for your reply, Randall. I've fully understood the scenario you described. My follow-up question is: was this use case something that was discovered and utilized later because people found that Git doesn't validate the email format, or was it a scenario that the architects anticipated early on in the project's history, leading to the deliberate decision to skip the validation for flexibility? In other words, is this more of a case of "exploiting a perceived backdoor that later became justified" or "a thoughtfully made design decision from the beginning"? Thanks again for sharing your insight.
