All about open source! Feel free to ask questions, and share news, and interesting stuff!
Community icon from opensource.org, but we are not affiliated with them.
These scammers copy the text from new issues verbatim, and paste them in a new issue in a "support" repo. They tag the original author so they get notified.
They then use GitHub Actions to reply with a phishing link and email.
This particular repo has been up for a week and has done this to 113 people.
The link leads to a page that impersonates GitHub support. Every link on that page leads to a crypto scam.
If you stumble across such a repository, please report it. You can report this one here.
Curse you, Team Rocket.
As if there needed to be more reasons to https://sfconservancy.org/GiveUpGitHub/
Surely this will re-occur anywhere there is sufficient footfall?
GitHub's reporting functions are limited. For example, it's not possible to report the issue or the reply from GitHub Actions. And the form for reporting the whole repository is somewhat broken and annoying to use
Yes. It always pains me when I see how tons of open source projects will not leave Github because of the network effect. Yes, it might be inconvenient... even punishing... but it needs to happen, especially after Microsoft bought Github. The ONLY way to counter the network effect (and contribute to meaningful change over time) is by NOT being part of the network effect. By remaining part of it, you're only helping Microsoft.
What alternatives are there? I am seriously unaware. Recommendations please
GitLab, Gitea and Codeberg
Also try to run it yourself at home.
I've been noticing that more and more projects are being hosted on Codeberg lately. Some examples:
on GitHub
Ah, there's your problem
Thanks.