423
If you're developing a FOSS project, be aware of cryptobros trying to PR a tea.yml into it. (connortumbleson.com)
submitted 8 months ago by db0@lemmy.dbzer0.com to c/opensource@lemmy.ml
94 comments fedilink hide all child comments

Yet another "brilliant" scheme from a cryptobro. Naturally this caused a gold-rush for scammers who outsourced random people via the gig economy to open PRs for this yml file (example)

you are viewing a single comment's thread
view the rest of the comments
[-] chebra@mstdn.io 0 points 8 months ago

@CrayonRosary having a pull request merged is in no way a proof of ownership of the repo, or a sign that the owner wants to participate in this scheme. There are better ways to prove ownership. It's relatively easy to slip in some file unnoticed, or falsely explain during the PR process what the file represents. So choosing this way of validation is a huge red flag about the whole scheme. It motivates people to falsely claim ownership of popular repos.

[-] CrayonRosary@lemmy.world 1 points 8 months ago

having a pull request merged is in no way a proof of ownership of the repo

That's literally what I was saying! That was the entire point of my comment!

this post was submitted on 27 Feb 2024
423 points (98.0% liked)

Open Source

31223 readers
217 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml