sourcerer-io / sourcerer-app

🦄 Sourcerer app makes a visual profile from your GitHub and git repositories.
https://sourcerer.io/start
MIT License

False Attribution #600

Open antony opened 3 years ago

antony commented 3 years ago

Hi. It looks like if somebody creates a fork of a repository on github, then makes a bunch of changes (malicious or otherwise), the Sourcerer profile will suggest that a repository is "verified by network. We verify repos by comparing commits submitted by coworkers."

This behaviour is problematic when implying that an original author in any way endorses the work of the nefarious third party, simply based on the fact that the project is a fork. The author even appears in a list of avatars appearing to "endorse" or "verify" the work.

This is happening in an instance which could be seen to cause reputational damage to the original author (I will not mention names or repositories here to protect the innocent). Please consider the impact and implications of this functionality.

AlexisTM commented 3 years ago

I fully agree, endorsing should be at least an active action from the user perspective. Forking a project does not mean endorsing all activity of a user.
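As an added illustration of the flaw raised in this issue (not Sourcerer's own code; repo names, commit ids and the opt-in table are constructed assumptions): a toy model in which the naive rule counts every author found in a fork's history as a verifier, while the safer rule only counts authors who committed after the fork point and explicitly opted in to endorse that repository.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Commit:
    sha: str      # constructed placeholder ids, not real hashes
    author: str


@dataclass
class Repo:
    name: str
    commits: list
    upstream: Optional["Repo"] = None   # set when the repo is a fork


def naive_endorsers(repo: Repo, submitter: str) -> set:
    """Model of the behaviour described in the issue: every other author
    present in the history 'verifies' the submitter, even when their
    commits were merely inherited from the upstream project."""
    return {c.author for c in repo.commits if c.author != submitter}


def fork_only_commits(repo: Repo) -> list:
    """Commits present in this repo but absent from its upstream."""
    if repo.upstream is None:
        return list(repo.commits)
    inherited = {c.sha for c in repo.upstream.commits}
    return [c for c in repo.commits if c.sha not in inherited]


def safer_endorsers(repo: Repo, submitter: str, opted_in: dict) -> set:
    """Only authors who committed *after* the fork point AND explicitly
    opted in (opted_in: author -> set of repo names) count as verifiers."""
    candidates = {c.author for c in fork_only_commits(repo)
                  if c.author != submitter}
    return {a for a in candidates if repo.name in opted_in.get(a, set())}


# Constructed sample data: mallory forks alice's repo and adds one commit.
UPSTREAM = Repo("alice/widget", [Commit("c1", "alice"), Commit("c2", "bob")])
FORK = Repo("mallory/widget",
            UPSTREAM.commits + [Commit("c3", "mallory")], upstream=UPSTREAM)
```

With this data the naive rule lists alice and bob as verifiers of mallory's fork, while the safer rule lists nobody until someone both commits to the fork and opts in.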