Should GitHub Allow Username Reuse?

Jesse Donat argues via Donut Studios why GitHub should never allow usernames to be valid again once they are deleted. He provides an example of a user who deleted his GitHub account and personal domain with a popular tool used for embedding data files into Go binaries. "While this is within his rights to do, this broke a dependency many people had within their projects," Donat writes. "To fix this, some users of the project recreated the account and the repository based on a fork of the project." Donat goes on to write: Allowing username reuse completely breaks any trust that what I pull is what it claims to be. What if this user had been malicious? It may have taken a while before someone actually noticed this wasn't the original user and the code was doing something more than it claimed to.

While Go's "go get" functionality is no doubt naive and just pulls the head of a repository, this is not exclusively Go's problem as this affects any package manager that runs on tags. Simply tag malicious changes beyond the current release and it would be deployed to many users likely with little actual review.

Re:better question: should github allow morons

Here's an idea: When a github account is deleted, after a short period github starts publishing random garbage (but valid git) at all the repo's urls. If this breaks your application, you are a moron.

Re:better question: should github allow morons

[slashdice]

They already detect if there are golang or javascript source code. That's a good starting point for moron removal.