- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
This doesn’t surprise me at all… Just like bots in games. Selling a service that benefits another. Its shady, but definitely believable.
Also, what if this is an actual viable way to “market” for an open source project?
You seem to imply bad programmers use these services to star-boost their otherwise mediocre code. That might be the case, but there are other –at least conceivable, if not yet proven– use cases for these star-boosting services, such as typosquatting, the promotion of less secure software as part of supply chain attacks (with organizations sticking to vulnerable libraries or frameworks in the erroneous belief that they are more popular and better maintained than alternatives, for example) and plain malware distribution.
I mean… I was sort of taking “good” code to imply “not malicious”, in addition to it being written well. But yeah, I completely agree, in the context of attack vectors you mention.