Yet another “brilliant” scheme from a cryptobro. Naturally this caused a gold-rush for scammers who outsourced random people via the gig economy to open PRs for this yml file (example)

  • @CrayonRosary
    link
    -29 months ago

    Am I stupid? How is this in any way confusing?

    I kept re-reading this line and it made no sense. All I need to do to claim ownership of a project is merge a pull-request? Do I own Laravel because I’ve gotten a pull request merged? (emphasis mine)

    Merging a pull request and having a pull request merged are two completely different things, and one very much requires you to own the project or have contributor rights to it. Which is exactly what the scammer is looking for proof of.

    How was the author confused by this? Or am I somehow the dummy here?

    • chebra
      link
      fedilink
      19 months ago

      @CrayonRosary having a pull request merged is in no way a proof of ownership of the repo, or a sign that the owner wants to participate in this scheme. There are better ways to prove ownership. It’s relatively easy to slip in some file unnoticed, or falsely explain during the PR process what the file represents. So choosing this way of validation is a huge red flag about the whole scheme. It motivates people to falsely claim ownership of popular repos.

      • @CrayonRosary
        link
        19 months ago

        having a pull request merged is in no way a proof of ownership of the repo

        That’s literally what I was saying! That was the entire point of my comment!