If the organization has public repositories, and the ex-employee has issues/PRs in those repositories, then I think they will continue to get notifications about followups to those issues.
Involvement with private repositories is removed as soon as the organization removes the employee, or the employee removes themselves.
I think the horror stories could only happen if the individual's account has been used for generating many API keys or similar, but there are other reasons not to rely on that sort of thing.
Involvement with private repositories is removed as soon as the organization removes the employee, or the employee removes themselves.
I think the horror stories could only happen if the individual's account has been used for generating many API keys or similar, but there are other reasons not to rely on that sort of thing.