paulirish / github-email

Get a GitHub user's email. :sunglasses: Use this responsibly.
https://www.npmjs.com/package/github-email
998 stars, 111 forks

The only actual logical use case for this would be malicious #26

Closed phoebe-leong closed 3 years ago

phoebe-leong commented 3 years ago

The only reason people would use this is to get a GitHub user's email if it wasn't public. Because I'm sure that they'd check if the user in question had a public email, and if they did then they would email them whatever they wanted to say. The same thing would happen if the GitHub account didn't have a public email. First the person would check the user's account, and then they'd go to this repo to get the email.

So, really, the only use case for this software would be malicious, not to mention illegal. Furthermore, I highly doubt it actually works, considering that the software would have to hack into GitHub's database (I'm assuming private emails are protected the same way passwords are).

Apologies for being a bit of an asshole, but there are many reasons that a user may not want their email to be public. Letting someone get any GitHub user's email/s and possibly spam them or email them something rude or hateful is not something I particularly support. I'm glad that there is a message saying to use it responsibly but, as I've pointed out, the only use case is to break that rule.

If this is a security risk on GitHub's side, then I would appreciate it if you would point this out to them if you haven't already. Once again, sorry to be an asshole.

phoebe-leong commented 3 years ago

I'm sorry, I didn't read the README.md file to the end. It seems that the user would need an authentication token. So would this mean that the user can only access their own email?