- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
This doesn’t surprise me at all… Just like bots in games. Selling a service that benefits another. Its shady, but definitely believable.
Also, what if this is an actual viable way to “market” for an open source project?
But you still need the user accounts. Which must be created and are verified by email. Then you have to generate tokens for them to call the api endpoint to add the star. I’m not saying it isn’t doable, but it would be non-negligible and GitHub is going to squash you back at some point creating all those accounts from one source.
Right - the cost is your time instead of dollars.
I don’t like doing stuff, so I give my time an hourly rate of $100. Absolute BEST case scenario (for me) would be that this is a weekend project, so call it 10 hours.
So my best case break-even point would be 10K stars. Which seems like it’d be more than I’d need?
But the main point is that good and well-written code doesn’t need this sort of misdirection, nor would the authors generally engage in this sort of thing
You seem to imply bad programmers use these services to star-boost their otherwise mediocre code. That might be the case, but there are other –at least conceivable, if not yet proven– use cases for these star-boosting services, such as typosquatting, the promotion of less secure software as part of supply chain attacks (with organizations sticking to vulnerable libraries or frameworks in the erroneous belief that they are more popular and better maintained than alternatives, for example) and plain malware distribution.
I mean… I was sort of taking “good” code to imply “not malicious”, in addition to it being written well. But yeah, I completely agree, in the context of attack vectors you mention.