How to handle mysterious developer-access requests

Today I received an email notification from GitLab that someone wanted to join my project as a developer. Exciting!

Except that it doesn’t smell right:

  • Their account was created yesterday and has no activity
  • There was no message from the user included in the request and there’s no contact info on their profile
  • A web search for their name and relevant keywords to the work yields no results

So, I’m assuming that this is an attempt to get write access to the project for illicit use. But I wish I could do something as simple as respond to the request.

As the old issue on the subject of these notifications notes, there’s a lot of functionality missing from the access-request workflow. Anybody have any workarounds, or features I’m not seeing?