Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Cyborg)
  • No Skin
Collapse
Brand Logo

CIRCLE WITH A DOT
  1. Home
  2. Uncategorized
  3. The trend of anonymous bots sending mass contributions to Open Source repositories is guaranteed to lead to reputation farming followed by malicious contributions

The trend of anonymous bots sending mass contributions to Open Source repositories is guaranteed to lead to reputation farming followed by malicious contributions

Scheduled Pinned Locked Moved Uncategorized
2 Posts 2 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • galdor@fosstodon.orgG This user is from outside of this forum
    galdor@fosstodon.orgG This user is from outside of this forum
    galdor@fosstodon.org
    wrote last edited by
    #1

    The trend of anonymous bots sending mass contributions to Open Source repositories is guaranteed to lead to reputation farming followed by malicious contributions.
    Either we'll move to a signed system to verify human contributors (GPG style) or the OSS ecosystem is cooked.

    craigbro@infosec.exchangeC 1 Reply Last reply
    0
    • galdor@fosstodon.orgG galdor@fosstodon.org

      The trend of anonymous bots sending mass contributions to Open Source repositories is guaranteed to lead to reputation farming followed by malicious contributions.
      Either we'll move to a signed system to verify human contributors (GPG style) or the OSS ecosystem is cooked.

      craigbro@infosec.exchangeC This user is from outside of this forum
      craigbro@infosec.exchangeC This user is from outside of this forum
      craigbro@infosec.exchange
      wrote last edited by
      #2

      @galdor i think we’ll see more communities practice formal participation requirements and ceremonies like Debian does for its maintainers.

      1 Reply Last reply
      1
      0
      • R relay@relay.infosec.exchange shared this topic
      Reply
      • Reply as topic
      Log in to reply
      • Oldest to Newest
      • Newest to Oldest
      • Most Votes

      • Login
      • Login or register to search.
      • First post
        Last post
      0
      • Categories
      • Recent
      • Tags
      • Popular
      • World
      • Users
      • Groups