Comment by latexr
> GitHub scam reports are so very unsatisfying (weeks go by, then random email about how they took some action).
Either you’re unlucky or I’m lucky, I’ve reported scammers to GitHub multiple times and always got a response in a couple of hours.
Same here, I get frequent spam on one specific (very popular) issue, and they always take care of it within an hour or two. I hide the spam myself to protect the users on the web (I can't do anything about the phishing emails though that gets sent [by default I think ?]), and their moderation wipe the spam account and sends a quick email to confirm.
Usually it's a new user who clones a few repositories to pass whatever mitigation they have.
Always get a "lots of reports, this may take a while" email first though. I don't think I ever not got that one.
I think there's something to be said about sending - by default - user generated content by email automatically if you've replied once to a thread. Lots of bad defaults here imho.