> but raw.githubusercontent.com would be as it doesn't allow data to be submitted to it

But raw.githubusercontent.com still contains code and now the attacker can publish the code he wants no!?

Don't get me wrong: I love the idea to secure as much as possible. I'm running VMs and containerizing and I eat firewalling rules for breakfast, my own unbound DNS with hundreds of thousands (if not millions) of domains blocked, etc. I'm not the "YOLO" kind of guy.

But I don't understand what's that different between raw.githubusercontent.com and github.com? Is it for exploits that are not directly in the source code? Can you explain a bit more?