maybe. Sorta? I think github has some pretty neat security stuff (the various scanning. the semmle acquisition). And while this did get fixed promptly, I think it’s also a bandaid because some backend can’t actually tell what org a commit is from. So there’s a shakey base.