Who vets the sources, and using what scheme?
If email matches owner of repo, pull now. If not verified, ban and restore later.
If email matches owner of repo, pull now. If not verified, ban and restore later.