What is the process to trust the usage of this?

How can we learn the identity of the contributors? How are the contributors vetted? How are we notified if a significant change in leadership happens?

It's just a general problem when relying on GitHub accounts for important code.

For some reason I trust the big vendors to have better safe-guards against things like the questions above. Such as aws linux containers etc..

Would love to hear how other people think around this.