Ask HN: I think we need Trustpilot for GitHub users, don't we?
1 points by itsmeadarsh 10 hours ago | 1 comments

This vouch system actually doesn't work. Non-developers are polluting the entire ecosystem.

I was reading this article (https://awesomeagents.ai/news/github-fake-stars-investigation/) and came across a new idea. GitHub doesn't verify users like other social services. However, not to ruin the verification badge like on X and to put that feature under a subscription, this needs to be changed (the verification badge will be accepted via a trusted group of maintainers). As a maintainer myself, I feel that these fake people can bring a large security risk and probably make it harder for us to decide what dependencies to use, e.g. they can spread malicious packages through package indexes like PyPI, npmjs, jsr.io and crates.io. This thing can disintegrate the entire chain, making the system harder to recover.

EddieLomax 2 hours ago

This vouch system?

https://github.com/mitchellh/vouch